How to win at CORS

Jake Archibald takes a deep dive into CORS: CORS is hard. It’s hard because it’s part of how browsers fetch stuff, and that’s a set of behaviours that started with the very first web browser over thirty years ago. Since then, it’s been a constant source of development; adding features, improving defaults, and papering over …

Wavethrough – Stealing data from remote sites through (fake) wav files

Jake Archibald discovered a really nice browser bug (which is fixed by now) by which he was able to steal data from remote sites by loading it in as a (fake) wav file. The exploit works as follows: Make a request to evil-script, using a Content-Range header to suggest there’s more data to be loaded …

Simple REST API Explorer

Just pushed a new project to GitHub named Simple REST API Explorer, a simple way to showcase and explore all endpoints of your RESTful API. The demo allows you to call some Twitter API endpoints a sample RESTful API I’ve quickly knocked up as the Twitter API is rather unstructured. Update the index.html file to …

Using CORS with All (Modern) Browsers

Cross-Origin Resource Sharing (CORS) works by adding a special header to responses from a server to the client. If a response contains the Access-Control-Allow-Origin header, and if the browser supports CORS, then there is a chance you can load the resource directly with Ajax – no need for a proxy or JSONP hacks. Using CORS …