Categories
Resources Web Security

CORS cross origin resource sharing links and resources for developers

CORS Cross origin resource sharing allows you to decide if a script from a domain other than your website/app can access data aka make AJAX calls etc. to your server. For your frontend API you probably want to limit the origin to just your domain. For a developer API you probably want to allow all origins.

CORS for Developers by W3C – explains CORS for developers in clear wording

Configuring play framework 2.8 CORS filter

 

Categories
Resources Web Security

Server and cloud security resources and links

CSP Cheat Sheet – CSP content security policy is for setting server security policies for accessing your systems content/files etc.

Configuring Play Framework Content Security Policy Headers

Categories
Resources Web Security

Web App security resources

Practical HTTP Host header attacks – Must read to understand how hackers use HTTP headers to hack websites.

Link to OWASP cheatsheet  – a good cheat sheet