0 views collected around this technical thread.
This article demonstrates how Nginx’s default behavior ignores request headers containing underscores, causing missing parameters in a Spring Boot application, and shows how to configure the 'underscores_in_headers on;' directive to correctly forward such headers, with code examples and testing via Postman.
This article explains how to diagnose and fix common CORS problems when a front‑end site on port 8080 accesses a back‑end service on port 59200 by configuring Nginx as a proxy, detailing the required response headers, handling preflight requests, and providing complete example configurations.
Learn how Cross-Origin Resource Sharing (CORS) works, when it’s needed, the role of preflight requests, essential HTTP headers, and step-by-step Spring Boot solutions—including @CrossOrigin annotations, global configuration, and custom filters—to securely enable cross-domain calls in your applications.
Cross-Origin Resource Sharing (CORS) extends the Same-Origin Policy by permitting controlled cross‑origin requests through simple and preflight flows, using specific headers and credential rules, thereby balancing web security against threats like XSS, CSRF, and injection attacks while enabling safe resource sharing.
This article explains how to overcome browser Same-Origin Policy restrictions in PHP by using a proxy server with cURL for request forwarding or by setting appropriate Access-Control-Allow-Origin response headers, including code examples and security considerations.
This article explains the fundamentals of the browser Same‑Origin Policy, the security risks it mitigates, and how Cross‑Origin Resource Sharing (CORS) with simple and preflight requests enables controlled cross‑domain communication while protecting user data.
The article explains why calling PHP's session_start() multiple times generates duplicate Set-Cookie headers, provides a code-based fix using session_abort() and header_remove(), and discusses session file locking, cookie lifetime, and garbage collection settings to manage session behavior effectively.
HTTP Referer is a header field that indicates the source URL of the current webpage, playing a crucial role in web security, analytics, and troubleshooting, with various Referrer-Policy strategies controlling how much information is shared.
This article explains when cross‑origin problems occur due to the browser's same‑origin policy, describes the restrictions it imposes, and provides detailed Nginx add_header configurations—including specific and global examples—to enable Access‑Control‑Allow‑Origin and Access‑Control‑Allow‑Methods headers for CORS resolution.
This article explains the fundamentals of Cross‑Origin Resource Sharing (CORS) and the Same‑Origin Policy, illustrates common misconfigurations and attack scenarios such as origin reflection, null origin whitelisting, and TLS downgrade, and provides best‑practice mitigation techniques for secure web development.
This article explains the purpose, possible values, and security impact of the Sec-Fetch request headers introduced by the Fetch Metadata specification, showing how browsers automatically add them, how servers can use them to filter illegal requests, and providing practical policy examples and code snippets.
This article explains how to use Python's urllib2 library for web scraping, covering basic page fetching, proxy configuration, cookie handling, form submission, header manipulation, anti‑hotlink techniques, and advanced methods like Selenium to bypass restrictions.
The article explains how the Server‑Timing HTTP header can be used to transmit arbitrary server‑side metrics to the client, shows how to send multiple timing values, demonstrates Chrome DevTools support, warns about exposing sensitive data, and introduces a small hapi plugin that simplifies adding the header.
This article explains how browsers cache resources using HTTP headers such as Last-Modified, Expires, Cache-Control and ETag, demonstrates Java Spring MVC code to set these headers, and shows how to configure Nginx for both static and proxy caching to reduce backend load and improve performance.
This article explains how browsers cache resources, the role of HTTP response headers such as Last-Modified, Expires, Cache-Control, ETag, and Age, and provides practical examples of controlling cache behavior with Spring MVC code and detailed Nginx configuration for both static and proxy caching.
The article examines how HTTP header and cookie parameters can serve as SQL injection vectors, evaluates the coverage of commercial and open‑source web vulnerability scanners, demonstrates manual testing techniques, and recommends tools such as sqlmap for comprehensive security assessments.
This article explains the fundamentals of browser caching, covering strong and negotiated cache principles, HTTP header configurations such as Expires and Cache‑Control, practical code examples for managing cache in Java, and common development techniques to control or bypass caching for optimal web performance.
This article explains how browsers cache resources, the role of HTTP response headers such as Expires, Cache‑Control, ETag and Last‑Modified, and how conditional requests and different refresh actions affect caching behavior to improve web performance.