Browser Origin Policy
From MgmtWiki
Full Title or Meme
Browser Origin Policies are used to determine which data and control flows are allowed based on the URL of the page.
Context
- Origin Policies were initiated to prevent tracking of users from one site to another.
Cookies
- Cookies stored in the user's browser are the typical means of moving data from one website to another, typically using cross-origin iframes.
- Origin-Bound Cookies Explainer https://github.com/sbingler/Origin-Bound-Cookies
- In 2022 over 95% of traffic is over HTTPS, which highlights some problems with cookies as they’re one of the few web platform components that do not respect the origin of their connection:
- The Origin-Bound Cookies proposal binds cookies to their setting origin (by default) so that they are only accessible by that origin, i.e., sent on a request or visible through `document.cookie`.
- Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4945698250293248
- blink-dev discussion: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra8xjbL9kh3pV9u7YfXm0t4NzrUANr-tu1g23sdmQrU1zA%40mail.gmail.com
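The difference between legacy cookie scoping and the origin binding described above, as an added example that is not code from this page, the explainer, or any browser. It is a simplified model of host-only cookies (no Domain attribute, Path ignored); the function names, the cookie object shape, and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: simplified model of cookie scoping, not browser source code.
// Assumption: host-only cookies (no Domain attribute); Path is ignored.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin tuple: scheme, host, port (default port filled in).
function originTuple(url) {
  const u = new URL(url);
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS[u.protocol] };
}

// Legacy scoping: only the host is compared. The scheme matters only when the
// cookie carries the Secure attribute, and the port is never considered.
function legacySends(cookie, requestUrl) {
  const set = originTuple(cookie.setBy);
  const req = originTuple(requestUrl);
  if (cookie.secure && req.scheme !== "https:") return false;
  return set.host === req.host;
}

// Origin-bound scoping (default case): scheme, host and port must all match
// the origin that set the cookie.
function originBoundSends(cookie, requestUrl) {
  const set = originTuple(cookie.setBy);
  const req = originTuple(requestUrl);
  return set.scheme === req.scheme && set.host === req.host && set.port === req.port;
}

// Evaluate both models for a list of request URLs.
function compare(cookie, urls) {
  return urls.map((url) => ({
    url,
    legacy: legacySends(cookie, url),
    originBound: originBoundSends(cookie, url),
  }));
}

// Constructed sample: a non-Secure session cookie set by an HTTPS login page.
const sampleCookie = { name: "session", setBy: "https://example.com/login", secure: false };
const sampleRequests = [
  "https://example.com/account",   // same origin
  "http://example.com/",           // same host, different scheme
  "https://example.com:8443/api",  // same host, different port
  "https://sub.example.com/",      // different host
];
console.table(compare(sampleCookie, sampleRequests));
```

The rows where `legacy` is true and `originBound` is false are the cases the proposal closes: the same host reached over a different scheme or port.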