• Security
• Web

Web security links

• Links Linux/Curl

• 2018 JavaScript and XSS

  • https://youtu.be/lTWGoL1N-Kc

CORS

• Test cors headers with

curl -H "Origin: https://mydomain.nz" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With"   -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"

• Nginx set cors using map to check for $http_origin match

  map $http_origin $cors_header {
      default "";
      "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
  }
  
  server {
    more_set_headers "Access-Control-Allow-Origin: $cors_header";

...