Explore >> Select a destination


You are here

parsiya.net
www.moesif.com
0.8 parsecs away

An in-depth guide to Cross-Origin Resource Sharing (CORS) for REST APIs, covering how CORS works and common pitfalls, especially around security.
www.sjoerdlangkemper.nl
1.7 parsecs away

In cross-origin requests, the authorization header can be sent in two ways: either by the browser or specified along with the request. This article explains which CORS headers you need for each.
ionutbalosin.com
2.9 parsecs away

[AI summary] The provided text is a comprehensive guide on implementing security measures in Java applications, focusing on authentication, authorization, and various HTTP security headers. It covers topics such as API security, token introspection, JSON Web Key Set (JWKS), Content Security Policy (CSP), Cross-Origin Resource Sharing (CORS), HTTP Strict Transport Security (HSTS), and other security headers like X-XSS-Protection, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy. The guide includes code snippets for configuring these security measures in a Java application and emphasizes the importance of using these headers to mitigate common web vulnerabilities and enhance application security.
mathieu.fenniak.net
17.3 parsecs away

Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank: