Differences between revisions 3 and 4
Revision 3 as of 2020-01-20 23:56:15
Size: 656
Editor: PieterSmit
Comment:
Revision 4 as of 2020-01-21 03:12:58
Size: 681
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
 * Links [[Linux/Curl]]

Web security links

CORS

  • Test cors headers with

curl -H "Origin: https://mydomain.nz" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With"   -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"
  • Nginx set cors using map to check for $http_origin match

    map $http_origin $cors_header {
        default "";
        "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
    }
    
    server {
      more_set_headers "Access-Control-Allow-Origin: $cors_header";

...

Security/Web (last edited 2020-01-21 03:12:58 by PieterSmit)