Developers don't understand CORS - Chris Foster


42 bookmarks. First posted by strzalek 7 days ago.


So what would a secure implementation of this feature look like? The webserver listening in on localhost:19421 should implement a REST API and set an Access-Control-Allow-Origin header with the value https://zoom.us. This will ensure that only JavaScript running on the zoom.us domain can talk to the localhost webserver. Further, to stop pages being able to open Zoom meetings automatically in the background, zoom.us should have a Content Security Policy header that blocks rendering within an iframe.
security  tips  rest  web-development 
yesterday by some_hren
explanation - worth reading
cors 
4 days ago by ElliotPsyIT
The recent Zoom vulnerability is just one of many examples which show us that many developers do not understand how CORS works
CORS 
4 days ago by hersh.verthun
The recent Zoom vulnerability is just one of many examples which show us that many developers do not understand how CORS works
api  cors  security 
6 days ago by geetarista
The recent Zoom vulnerability is just one of many examples which show us that many developers do not understand how CORS works
CORS  web  security 
6 days ago by danhorst
RT: Developers don't understand CORS
from twitter_favs
6 days ago by jabbrwcky
One of the best things about working in full stack consulting is that I get to work with a great number of developers with different skill levels in companies from various sizes and industries. This provides an opportunity to see what universal struggles come up. One that seems common and relevant recently is this: Too many web developers do not understand how CORS works.
security  webdev 
7 days ago by Chirael
Developers don't understand CORS via Instapaper https://fosterelli.co/developers-dont-understand-cors
IFTTT  Instapaper 
7 days ago by zhangtai
On Cross-Origin Resource Sharing and localhost.
rest  api  webstuff  security 
7 days ago by jalderman
The recent Zoom vulnerability is just one of many examples which show us that many developers do not understand how CORS works
webdev  development  security 
7 days ago by berberich
Developers don't understand CORS July 10, 2019 — Chris Foster One of the best things about working in full stack consulting is that I get to work with a great…
from instapaper
7 days ago by carkmorwin
One of the best things about working in full stack consulting is that I get to work with a great number of developers with different skill levels in companies from various sizes and industries. This provides an opportunity to see what universal struggles come up.
Archive 
7 days ago by pesche
The recent Zoom vulnerability is just one of many examples which show us that many developers do not understand how CORS works
cors 
7 days ago by strzalek