What should be Allowed?

Before understanding or talking about the same-origin policy, let's ask ourselves the questions below:

  • Should site A be able to embed site B? Yes
  • Should site A be able to link to site B? Yes
  • Should site A be able to embed site B and modify its contents? No
  • Should site A be able to submit a form to site B? Yes
  • Should site A be able to embed images from site B? Yes
  • Should site A be able to embed scripts from site B? Yes
  • Should site A be able to read data from site B? No

Try answering these questions at the end of the talk. You will definitely feel more confident answering them later.