One of the most important and critical points of web application security is the same origin policy.
This policy prevents a script or a document from getting or setting properties of another document that comes from a different origin.
The Same Origin Policy (SOP) is consulted when cross-site HTTP requests are initiated from within client-side scripts (e.g. JavaScript), or when an Ajax request is run.

Let's see an example:
The origin of is different from because the protocol used

The origin of is different from because the host is different

Why is SOP important?
Let's imagine our bank site without the use of the SOP.
A malicious attacker invites us to visit a site while we are already logged in to our bank.
What can happen here is that the attacker could craft a malicious page and, once we visit it, he could have access to some personal information from our bank account.

How does SOP work?
A document (HTML page) can access (through JavaScript) the properties of another document only if they have the same origin.
More precisely, the browser always performs the request successfully but it returns the response to the user only if the SOP is respected.

Here are some examples:
1) The document index.html on domain (referred to as origin1: ) wants to access, via an Ajax request, the home.html page on domain (referred to as origin2: ). This is not possible because the two origins are different.

2) We have two documents: the main document http// and the iframe document http// .
The two documents share the same origin, so each document can access the other via JavaScript.
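
The origin comparison behind the examples above, as an added example that is not code from the original page: two URLs share an origin only when scheme, host and port all match. The function names and the `bank.example` / `evil.example` URLs are constructed for illustration.

```javascript
// Added example: compare two URLs the way the same origin policy does,
// on the (scheme, host, port) tuple. All URLs below are constructed samples.

// Return the origin tuple of a URL, or null for an opaque origin
// (e.g. data: URLs), which is never same-origin with anything.
function originTuple(urlString) {
  const url = new URL(urlString);
  if (url.origin === 'null') return null;
  return {
    scheme: url.protocol, // e.g. 'http:'
    host: url.hostname,   // lower-cased by the URL parser
    port: url.port,       // '' when the scheme's default port is used
  };
}

// Compare two URLs and report which tuple components differ.
function compareOrigins(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  if (ta === null || tb === null) {
    return { sameOrigin: false, differs: ['opaque origin'] };
  }
  const differs = ['scheme', 'host', 'port'].filter((k) => ta[k] !== tb[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample pairs (not the URLs from the original page).
const samples = [
  ['http://bank.example/index.html', 'https://bank.example/index.html'],
  ['http://bank.example/index.html', 'http://evil.example/home.html'],
  ['http://bank.example/index.html', 'http://www.bank.example/index.html'],
  ['http://bank.example/index.html', 'http://bank.example:8080/home.html'],
  ['http://bank.example/index.html', 'http://bank.example:80/frame.html'],
];

for (const [a, b] of samples) {
  const r = compareOrigins(a, b);
  const verdict = r.sameOrigin
    ? 'same origin'
    : `different origin (${r.differs.join(', ')})`;
  console.log(`${a}  vs  ${b}: ${verdict}`);
}
```

Note that the path plays no part in the comparison, and that a subdomain such as `www.bank.example` counts as a different host.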

Exceptions: There are a few exceptions to SOP restrictions, such as:
cross-window messaging
cross-origin resource sharing (CORS)