Web Security: Same-Origin Policy

In network communications, knowing where something came from can often be as important as what it contains. Browsers can be particular about this, sometimes surprising developers when things can't be reached or connected. In this course, learn how same-origin policies play an important role in web security, so you can develop secure, interactive sites. Find out how to build Ajax requests using headers that affect the origin, how to work with server-only cookies, how to create secure communications between browser windows or tabs from the same origin, and more.

Topics include:

  • Working with browser security features
  • Configuring servers for testing
  • Defining an origin
  • Cross-site scripting attacks
  • Cross-site request forgery attacks
  • Working with a received message
  • Specifying the allowed message sender origin
  • Sharing cookies across subdomains
  • Restricting the path of a cookie


  • English title: Web Security: Same-Origin Policies
  • Duration: 1 hour 54 minutes
  • Subtitles: English


  1. Working with browser security features
  2. What you should know
  3. Set up your environment
  4. Configure servers for testing
  5. Understanding same-origin policies
  6. Defining an origin
  7. Cross-site scripting attacks
  8. Cross-site request forgery attacks
  9. Cross-origin resource sharing
  10. Create a permissive Access-Control-Allow-Origin header
  11. Create a tailored Access-Control-Allow-Origin header
  12. The Content-Security-Policy header
  13. Build a Content Security Policy header
  14. Create a Content Security Policy meta element
  15. Create a Content Security Policy for a widget
  16. Create a highly restrictive Content Security Policy
  17. The Strict-Transport-Security header
  18. Implement the Strict-Transport-Security header
  19. Include subdomains in Strict-Transport-Security
  20. Add a domain to the Strict-Transport-Security preload list
  21. Code that communicates across windows
  22. Implement the postMessage method
  23. Work with a received message
  24. Specify the target domain for a message
  25. Specify the allowed message sender origin
  26. Use cross-window data in an app
  27. How cookie origins are defined
  28. Restrict a cookie to a subdomain
  29. Share cookies across subdomains
  30. Restrict the path of a cookie
  31. Limit a cookie to the same site
  32. Work with server-only cookies
  33. Next steps