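#format wiki
#language en
= Web security links =
 * Links [[Linux/Curl]]
 * 2018 JavaScript and XSS
  * https://youtu.be/lTWGoL1N-Kc

= CORS =
 * Test CORS headers by sending a preflight (OPTIONS) request with curl and filtering the response for the CORS headers {{{
curl -H "Origin: https://mydomain.nz" \
     -H "Access-Control-Request-Method: GET" \
     -H "Access-Control-Request-Headers: X-Requested-With" \
     -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"
}}}
 * Nginx: set the CORS header using a map that checks whether $http_origin matches the allowed origins {{{
map $http_origin $cors_header {
    default "";
    # Closing ")" added; "$" anchors the end of the host so that
    # e.g. https://www.yourdomain.com.example.net does not match.
    "~^https?://(localhost|www\.yourdomain\.com)$" "$http_origin";
}
server {
    # more_set_headers (headers-more module) applies to all status codes,
    # so no "always" flag is needed and it must not be part of the value.
    more_set_headers "Access-Control-Allow-Origin: $cors_header";
}
}}}
...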
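
Why the Origin regex in the map should end in `)$`: the following is an added example, not part of the original wiki page, that emulates the map's match with `grep -E` on constructed origins and compares an unanchored pattern with the anchored one. nginx uses PCRE; for these simple patterns POSIX ERE gives the same result, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: emulate the nginx map's Origin check offline with grep -E.

# Unanchored variant: nothing after the group, so any suffix is accepted.
UNANCHORED='^https?://(localhost|www\.yourdomain\.com)'
# Anchored variant: "$" means nothing may follow the host name.
ANCHORED='^https?://(localhost|www\.yourdomain\.com)$'

# cors_header PATTERN ORIGIN
# Prints what $cors_header would hold: the origin on a match, empty otherwise.
cors_header() {
    if printf '%s\n' "$2" | grep -Eq -- "$1"; then
        printf '%s' "$2"
    fi
}

# Constructed sample origins: two legitimate ones, then three lookalikes.
SAMPLES='https://www.yourdomain.com
http://localhost
https://www.yourdomain.com.example.net
https://localhost.example.net
https://wwwXyourdomain.com'

# One line per origin with the header value each pattern would produce.
report() {
    while IFS= read -r origin; do
        printf '%-40s unanchored=[%s] anchored=[%s]\n' "$origin" \
            "$(cors_header "$UNANCHORED" "$origin")" \
            "$(cors_header "$ANCHORED" "$origin")"
    done <<EOF
$SAMPLES
EOF
}

report
```

The anchored pattern also rejects origins that carry a port, such as a local development server; extend the pattern explicitly if those should be allowed.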