This article explains the same‑origin policy, why browsers enforce it, how CORS works—including simple requests, preflight OPTIONS checks, required headers, and credential handling—while providing practical examples and a complete request‑flow diagram for secure web development.
Even though modern browsers enforce sandboxing and many frameworks add XSS defenses, a successful cross‑site scripting attack can still break through server and browser protections, allowing attackers to hijack sessions, steal data, scan internal networks, exploit browser bugs, or run cryptojacking scripts.
This tutorial explains the browser same‑origin policy, demonstrates a cross‑origin request failure between two servers, and shows how to configure Nginx with appropriate Access‑Control headers to enable CORS and allow the client to retrieve JSON data safely.
This article explains the browser same‑origin policy, demonstrates a CORS problem using two servers with an AJAX request, and provides a complete Nginx configuration—including add_header directives—to enable cross‑origin access and resolve the error.
The article explains the fundamentals of the browser's same‑origin policy, the security risks it mitigates, how Cross‑Origin Resource Sharing (CORS) works—including simple and preflight requests—and best practices for handling credentials and header restrictions.
This article explains the same‑origin policy, its role in protecting browsers from XSS, CSRF and other attacks, illustrates how origins are defined with protocol, host and port, and details how CORS, simple requests and preflight requests enable controlled cross‑origin communication.
This article explains the fundamentals of the Same-Origin Policy, its security implications for DOM, data, and network access, and provides a detailed walkthrough of CORS, including simple requests, preflight requests, and handling of credentials to protect web applications.
This article explains the browser's Same‑Origin Policy, its role in preventing XSS, CSRF and other attacks, and details how Cross‑Origin Resource Sharing (CORS) works, including simple requests, preflight requests, credential handling, and provides a complete request flow diagram.
This article explains why browsers may issue a duplicate POST request by exploring the same‑origin policy, the mechanics of CORS, the criteria for simple requests, the structure of preflight OPTIONS requests, credential handling, and how development tools like Webpack Dev Server bypass these restrictions.
This article explains the same‑origin policy, its role in restricting DOM, data, and network access, introduces Cross‑Origin Resource Sharing (CORS) with simple and preflight requests, and outlines how servers should configure headers to safely enable cross‑origin communication.
Cross-Origin Resource Sharing (CORS) extends the Same-Origin Policy by permitting controlled cross‑origin requests through simple and preflight flows, using specific headers and credential rules, thereby balancing web security against threats like XSS, CSRF, and injection attacks while enabling safe resource sharing.
This article explains the same‑origin policy, its role in protecting web applications, how browsers enforce it through DOM, web‑data, and network restrictions, and how Cross‑Origin Resource Sharing (CORS) and preflight requests enable controlled cross‑origin communication while maintaining security.
This article explains the fundamentals of the browser Same‑Origin Policy, the security risks it mitigates, and how Cross‑Origin Resource Sharing (CORS) with simple and preflight requests enables controlled cross‑domain communication while protecting user data.
This article explains the concept of cross‑origin requests, the same‑origin policy that restricts them, and presents three practical frontend solutions—JSONP, a server‑side proxy using Nest.js, and Webpack dev‑server proxy configuration—along with code examples and security considerations.
This article explains the browser's Same‑Origin Policy, why it blocks cross‑origin requests, and how CORS—including simple requests, preflight checks, and credential handling—provides a secure mechanism for controlled resource sharing across different origins.
This article explains the browser's Same-Origin Policy, its impact on DOM, data, and network access, and how Cross-Origin Resource Sharing (CORS) and preflight requests enable controlled cross-origin communication while preserving security.
This article explains the browser's Same‑Origin Policy, its restrictions on DOM, data and network access, and how Cross‑Origin Resource Sharing (CORS) with simple and preflight requests enables controlled cross‑origin communication while mitigating security risks.
This article explains how to combine reflected and stored cross‑site scripting attacks with same‑origin policy abuse to turn a low‑severity XSS vulnerability into a high‑severity issue, detailing discovery, exploitation steps, and a JavaScript payload that harvests user data.
This article explains the CORS standard, how browsers enforce same‑origin policy, the definitions of simple and preflight requests, required HTTP headers, credential handling, and typical configuration mistakes that cause CORS errors, illustrated with code examples and tables.
This article explains what cross‑origin (CORS) is, how the browser's same‑origin policy restricts scripts, lists allowed tags, describes common cross‑origin scenarios, and provides practical PHP header code, proxy techniques, and Nginx reverse‑proxy configurations to resolve CORS issues.
This article explains the fundamentals of Cross‑Origin Resource Sharing (CORS) and the Same‑Origin Policy, illustrates common misconfigurations and attack scenarios such as origin reflection, null origin whitelisting, and TLS downgrade, and provides best‑practice mitigation techniques for secure web development.
This article explains the Same-Origin Policy, its security purpose and restrictions, introduces CORS as a solution for cross‑origin AJAX requests, and provides three practical ways—annotation, filter, and WebMvcConfigurerAdapter—to enable CORS in a Spring Boot application.
The article explains how the 58 Group’s cloud account platform consolidates multiple account systems and provides a unified SDK, detailing cross‑domain challenges, same‑origin policy, and practical solutions such as JSONP, iframe proxies, independent domains, 302 redirects, and CORS to ensure secure, efficient login integration across web, app, and PC clients.
