Web Same-Origin-Policy Lab

Zutao Zhu

11/06/2009

Outline

• Background

• Setting

• SOP

Background

• Document Object Model (DOM)

• Cookie

• XMLHttpRequest

• HTML

• LiveHTTPHeaders extension for Firefox

• The Document Object Model (DOM) is a cross-platform and language-independent convention for representing and interacting with objects in HTML, XHTML and XML documents. – from wiki

Cookie

• Cookies are placeholders for server-provided data in the web browser typically used to track sessions.

• Each cookie is a key-value pair such as "color=green" and may have some optional attributes.

• Web applications can create a cookie in the web browser using the set-cookie header in the HTTP response.

Cookie (cont.)

• After cookies are created, web browsers attach the cookies in all the subsequent requests to the web application.

• In a JavaScript program, All the cookies in the web application can be referenced using document.cookie object.

• In cookie-based session-management schemes, web applications store the session identifier in a cookie in the web browser.

Use Live HTTP Header (tools)

XMLHttpRequest

• XMLHttpRequest has an important role in the AJAX web development technique. – from wiki

• http://www.w3.org/TR/XMLHttpRequest/• <script>

xhr = new XMLHttpRequest();xhr.open(POST,"http://www.originalphpbb.com/posting.php",true);

xhr.send(null);

</script>

• http://www.w3schools.com/TAGS/tag_a.asp– frame– iframe– img– a

LiveHTTPHeaders

• Observe the post request

• Observe the response

• Observe the cookie

Setting

• about:config in address bar of Firefox

• Origin: <protocol, domain, port>– Protocol: http://, file://, ftp://, etc.– Domain: microsoft.com, google.com, etc.– Port: 80, 8080, 21, 3128, etc.

• The SOP identifies each web site using its origin, and creates a context for each origin.

• For each origin, the web browser creates a context and stores the resources of the web application from the origin in the context.

• JavaScript programs from one origin are not allowed to access resources from another origin.

Examples

• checks against the URL "http://www.example.com/dir/page.html". -- from wiki

Resources for SOP

• Cookie

• History

• URL

• Contents

• Etc.

• When in URL bar, I input some cross domain web page, can you use “forward” and “backward”?

• Is the URL showing?

Tags do not honor SOP

• Find out by yourself!

Reference

• http://wikipedia.org/

• http://www.w3.org/TR/2008/WD-XMLHttpRequest2-20080930/

• http://getfirebug.com/

Web Same-Origin-Policy Lab

Documents

Transcript of Web Same-Origin-Policy Lab

Tissues and Histology Tissues - collections of similar cells with same embryonic origin performing a similar function.

High School Lab Science Earth Systems Science€¦ · These same processes governed the formation of our solar system 4.6 billion years ago. 1. Origin of Modern Astronomy, the work

History of Precision Measuring Instruments The Origin … · History of Precision Measuring Instruments The Origin and Evolution of ... out around the same time and the title ...

Same Origin Policy - Encsclark/courses/1901-6150/scribe/L1… · Same Origin Policy scripting every re ee on a page is tagged by your browser with its origin R c inuye frame script

· problems in which the origin point is the same as the destination point. ... The routing problem due to coincident origin and destination is generally known as the ...

Earthquake Origin Causes and effects Lab. goals In an earthquake, will all parts of a city suffer the same damage? What factors may affect the damage.

Bypassing Same Origin Policy - Hacking-Lab · 2010. 9. 7. · Tel +41 55-214 41 60 Fax +41 55-214 41 61 team@csnc.ch Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640

git/unix Lab - Cornell University · Git/Unix Lab March 2015. ... $> git pull origin master #Fetch changes from repo ... Create & Delete Commands mkdir : Make Directory

Chemistry Lab Manual - Liberty University Christian ... Lab Manual 2012-2013 ... Alka Seltzer Strength o Go to Late nite lab. 9 o Follow the same steps as Sample Lab Unit 9 Carbon

Bringing the Same-Origin Policy to its Knees

SPEAKING THE SAME LANGUAGE: Ensuring a smooth lab turnover, from construction to operations

Lab-to-Genesis How to find the origin of matter in …...Introduction Neutrino oscillations Leptogenesis Experimental searches LAB-TO-GENESIS HOW TO FIND THE ORIGIN OF MATTER IN EXISTING

The Same Origin Policy

Lab Exercises - pudn.comread.pudn.com/downloads142/doc/618733/tux-a11-80/a11-lab-guide.pdf · The lab exercises are labeled with the same abbreviated module name used for a particular

Frame isolation and the same origin policy Collin Jackson CS 142 Winter 2009.

Eukaryotic Origin-Dependent DNA Replication In Vitro ...web.mit.edu/bell-lab/_include/publications/mmc2 (4).pdf · Eukaryotic Origin-Dependent DNA Replication In Vitro Reveals Sequential

Homology Serial Homology Analogy - 2 individuals - structures have same developmental origin and same or different functions - 2 structures on 1 individual.

Population Genetics Ch. 23 and Beyond; Lab/Lecture Same.

Cookie same origin policy - Stanford Crypto Group

NCHU System & Network Lab Lab 15 Record Locking. NCHU System & Network Lab Record Locking (1/4) What happens when two process attempt to edit the same.