Lemmy.World
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
cm0002@infosec.pub to Programming@programming.dev · 3 days ago

CORS: What is it protecting?

sanyamserver.online

external-link
message-square
8
link
fedilink
  • cross-posted to:
  • [email protected]
69
external-link

CORS: What is it protecting?

sanyamserver.online

cm0002@infosec.pub to Programming@programming.dev · 3 days ago
message-square
8
link
fedilink
  • cross-posted to:
  • [email protected]
CORS: What is it protecting? | Engineering Notes
sanyamserver.online
external-link
CORS is a browser security mechanism, not a server one. What the Origin header and preflight checks actually do, what CORS protects against, and why it is not CSRF protection.
alert-triangle
You must log in or # to comment.
  • adhdsergio
    link
    fedilink
    arrow-up
    11
    ·
    2 days ago

    When I first learned about CORS, I had trouble understanding it because I couldn’t figure out how this protected the server and I couldn’t understand why you would do this just for the client 😄

  • cout970@programming.dev
    link
    fedilink
    arrow-up
    8
    ·
    2 days ago

    One thing to note, CORS only makes sense if your API uses cookies for authentication, most APIs use custom headers, the Authentication header, or even url tokens, they don’t rely on cookies, so most of the time, APIs don’t care about CORS. People keep blindly repeating that accepting all origins “*”, is bad for security, but the situations where this is relevant are really uncommon.

    • bitfucker@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      2 days ago

      I wonder if XSS, CSRF and other client side attacks are still common

  • ryokimball@infosec.pub
    link
    fedilink
    arrow-up
    31
    arrow-down
    4
    ·
    3 days ago

    Absolutely NOTHING! Good God, y’all.

    • univers3man@piefed.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 days ago

      I get the reference

      • SorteKanin@feddit.dk
        link
        fedilink
        arrow-up
        1
        ·
        2 days ago

        Enlighten me

        • ryokimball@infosec.pub
          link
          fedilink
          arrow-up
          1
          ·
          2 days ago

          https://www.youtube.com/watch?v=hZJRJpbGkG4

    • ryokimball@infosec.pub
      link
      fedilink
      arrow-up
      2
      ·
      3 days ago

      I deserve the downvotes, not even mad.

  • jokro@feddit.org
    link
    fedilink
    arrow-up
    1
    ·
    2 days ago

    deleted by creator

Programming@programming.dev

programming@programming.dev

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person’s post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you’re posting long videos try to add in some form of tldr for those who don’t want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 276 users / day
  • 814 users / week
  • 2.96K users / month
  • 8.52K users / 6 months
  • 7.24K local subscribers
  • 27.5K subscribers
  • 3.31K Posts
  • 45.2K Comments
  • Modlog
  • mods:
  • Ategon@programming.dev
  • snowe@programming.dev
  • UlrikHD@programming.dev
  • bugsmith@programming.dev
  • Spyro@programming.dev
  • UI: 0.19.19-4-g32c157fc
  • BE: 0.19.19-8-g30bb3e220
  • Modlog
  • Legal
  • Instances
  • Docs
  • Code
  • join-lemmy.org