Differences between revisions 2 and 3

Web security links

2018 JavaScript and XSS
- https://youtu.be/lTWGoL1N-Kc

CORS

Test cors headers with

curl -H "Origin: https://mydomain.nz" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With"   -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"

Nginx set cors using map to check for $http_origin match

map $http_origin $cors_header {
    default "";
    "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
}

server {
  more_set_headers "Access-Control-Allow-Origin: $cors_header";

...

-  ⇤ ← Revision 2 as of 2019-11-04 23:16:39 → 
  Size: 381
  Editor: PieterSmit
  Comment:
+   ← Revision 3 as of 2020-01-20 23:56:15 → ⇥
  Size: 656
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 16:
+ * Nginx set cors using map to check for $http_origin match {{{
map $http_origin $cors_header {
    default "";
    "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
}

server {
  more_set_headers "Access-Control-Allow-Origin: $cors_header";

}}}