SOP restricts one origin's script from reading another origin's data (responses, DOM, cookies). It does not stop requests from being sent (that is why CSRF works), does not block navigation, and is enforced by the browser, not the server.
Official docs