Differences between revisions 2 and 4 (spanning 2 versions)

Web security links

Links Linux/Curl
2018 JavaScript and XSS
- https://youtu.be/lTWGoL1N-Kc

CORS

Test cors headers with

curl -H "Origin: https://mydomain.nz" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With"   -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"

Nginx set cors using map to check for $http_origin match

map $http_origin $cors_header {
    default "";
    "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
}

server {
  more_set_headers "Access-Control-Allow-Origin: $cors_header";

...

-  ⇤ ← Revision 2 as of 2019-11-04 23:16:39 → 
  Size: 381
  Editor: PieterSmit
  Comment:
+   ← Revision 4 as of 2020-01-21 03:12:58 → ⇥
  Size: 681
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 5:
+ * Links [[Linux/Curl]]
-Line 16:
+Line 17:
+ * Nginx set cors using map to check for $http_origin match {{{
map $http_origin $cors_header {
    default "";
    "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
}

server {
  more_set_headers "Access-Control-Allow-Origin: $cors_header";

}}}