
What is the same-origin policy and how can it be handled?

Answer»

In the computing world, the same-origin policy is one of the most important concepts in the security model of web applications. The policy permits scripts running on pages that originate from the same source or site (the origin being the combination of scheme, hostname and port number) to access each other's DOM without specific restrictions, while at the same time preventing access to the DOM of pages from a different origin.

The same-origin policy also applies to XMLHttpRequest and to WebSockets. This mechanism has particular significance for modern web applications that use user logins and depend extensively on HTTP cookies to maintain authenticated user sessions, since servers act on the HTTP cookie information to reveal sensitive data or to take state-changing actions. A strict separation between content provided by unrelated sites must therefore be maintained on the client side to prevent loss of data confidentiality or integrity.

Although the exact specification varies, every browser implements the same-origin policy, as it addresses an unavoidable security concern. An algorithm is used to evaluate the origin of a given URL. For an absolute URL, the origin consists of the protocol (scheme), host and port number. If the URL is not absolute, a unique identifier is used instead. Two resources are considered to be from the same origin only if all of these values are exactly the same.

The same-origin policy prevents JavaScript code from accessing elements of a domain different from the one it was loaded from. To overcome the same-origin policy, Selenium RC was introduced. Prior to Selenium RC, testers had to install local copies of both Selenium Core and the web server hosting the web application under test, so that the two would belong to the same domain.
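As an added example that is not part of the original answer, the origin comparison described above (scheme, host and port must all match, with default ports normalised and non-absolute or non-hierarchical URLs given a unique opaque origin) implemented in JavaScript using Node's built-in `URL` parser. The function names `originOf` and `sameOrigin` and the sample URLs are chosen here for illustration:

```javascript
// Added example: derive the origin tuple of a URL and compare two
// origins the way the same-origin policy does (scheme, host, port).

// Default ports per scheme, so "http://a.example" and "http://a.example:80"
// are recognised as the same origin. Only schemes with a tuple origin are
// listed; anything else (file:, data:, blob:, ...) gets an opaque origin.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Counter used to hand out a fresh unique identifier for every opaque origin.
let opaqueCounter = 0;

// Returns { scheme, host, port } for an absolute URL with a hierarchical
// scheme, or { opaque: <unique id> } for relative URLs and non-tuple schemes.
function originOf(urlString) {
  let url;
  try {
    url = new URL(urlString); // throws for relative URLs (no base given)
  } catch (e) {
    return { opaque: ++opaqueCounter };
  }
  const scheme = url.protocol;
  if (!(scheme in DEFAULT_PORTS)) {
    return { opaque: ++opaqueCounter };
  }
  // URL.port is '' when the URL uses the scheme's default port.
  const port = url.port || DEFAULT_PORTS[scheme];
  // URL.hostname is already lower-cased by the parser.
  return { scheme, host: url.hostname, port };
}

// Two URLs share an origin only if every component of the tuple matches.
// Opaque origins are unique identifiers and never match, even with themselves.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa.opaque !== undefined || ob.opaque !== undefined) {
    return false;
  }
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// Constructed sample pairs showing which differences break the origin match.
const SAMPLE_PAIRS = [
  ['http://app.example/page', 'http://app.example:80/api'],   // same: default port
  ['http://app.example/page', 'https://app.example/page'],    // differs: scheme
  ['http://app.example/page', 'http://www.app.example/page'], // differs: host
  ['http://app.example/page', 'http://app.example:8080/page'],// differs: port
  ['http://APP.example/x', 'http://app.example/y'],           // same: case-insensitive host
  ['/relative/path', '/relative/path'],                       // opaque: never same
];

function report() {
  return SAMPLE_PAIRS.map(([a, b]) => `${a} vs ${b}: ${sameOrigin(a, b)}`);
}

console.log(report().join('\n'));
```

Note that the path and query string play no part in the decision: two URLs on the same scheme, host and port are the same origin regardless of path, which is why a single page that can run attacker-controlled script compromises the whole origin rather than just that path.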
