git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
14 lines, 680 B, HTML
<div align="Center">
<p><b>Lesson Plan Title: </b>Same Origin Policy Protection</p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
A key element of AJAX is the XMLHttpRequest (XHR), which allows JavaScript to make asynchronous
calls from the client side to a server.  However, as a security measure, these requests may
only be made to the server from which the client page originated.
<!-- Stop Instructions -->
<p><b>General Goal(s):</b> </p>
This exercise demonstrates the Same Origin Policy Protection.  XHR requests
can only be passed back to the originating server.  Attempts to pass data to
a non-originating server will fail.
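<p>The comparison behind "originating server", as an added example that is not part of the WebGoat lesson code: two URLs share an origin only when scheme, host and port all match. The function names and every URL are constructed for illustration, and the model assumes the target server sends no CORS headers that would opt in to cross-origin reads.</p>

```javascript
// Added example (not WebGoat code): models the same-origin comparison
// applied to XHR targets. All URLs are constructed sample values.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (scheme, host, port) tuple that defines its origin.
// Relative targets are resolved against the page URL, as a browser would.
function originTuple(url, base) {
  const u = new URL(url, base);
  // URL.port is "" when the scheme's default port is used; make it explicit.
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { scheme: u.protocol, host: u.hostname.toLowerCase(), port };
}

// True only when all three components match.
function isSameOrigin(pageUrl, targetUrl) {
  const a = originTuple(pageUrl);
  const b = originTuple(targetUrl, pageUrl);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Classify a list of XHR targets relative to the page that issues them.
function classifyTargets(pageUrl, targets) {
  return targets.map((t) => ({ target: t, sameOrigin: isSameOrigin(pageUrl, t) }));
}

const PAGE = "http://app.example.test:8080/lesson/page.html"; // constructed
const TARGETS = [
  "data/sample.txt",                         // relative path: same origin
  "http://APP.example.test:8080/api/items",  // host case is ignored: same origin
  "https://app.example.test:8080/api/items", // scheme differs
  "http://app.example.test:9090/api/items",  // port differs
  "http://other.example.test:8080/api/items" // host differs
];

for (const r of classifyTargets(PAGE, TARGETS)) {
  console.log((r.sameOrigin ? "allowed " : "blocked ") + r.target);
}
```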