Cross Origin Resource Sharing (CORS) best practices

Free for all

A common example is if you own a website that displays content for the public, that is not behind paywalls or requiring authentication or authorization – you should be able to set Access-Control-Allow-Origin: * on its resources. The * value is a good choice in cases when:
- No authentication or authorization is required
- The resource should be accessible to a wide range of users without restrictions
- The origins and clients that will access the resource are of great variety, you don't have knowledge of them, or you simply don't care

A dangerous prospect of such a configuration is when it comes to content served on private networks (i.e. behind a firewall or VPN). When you are connected via a VPN, you have access to the files on the company's network:

[Figure: Oversimplification of VPNs]

Now, if an attacker hosts a website dangerous.com, which contains a link to a file within the VPN, they can (in theory) create a script on their website th
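The rule of thumb above, as an added example that is not code from the original article: a small server-side helper that answers Access-Control-Allow-Origin: * only for resources that need no authentication, and answers private resources only with an explicitly allow-listed origin (never a reflected or wildcard one). The paths, the intranet origin and the attacker origin used here are constructed placeholders, and the browser-side check is a simplified model of the same-origin read decision, not a real browser.

```python
# Added example (not from the original article): CORS policy helper that keeps
# "*" for public resources and an explicit allow-list for private ones.
from typing import Dict, Optional

# Constructed classification: everything under these prefixes is public, all
# else is private (a real app would derive this from its routing table).
PUBLIC_PREFIXES = ("/public/", "/assets/")

# Constructed allow-list of origins allowed to read private resources.
PRIVATE_ALLOWED_ORIGINS = {"https://intranet.example.com"}  # hypothetical


def is_public(path: str) -> bool:
    """True when the resource needs no authentication or authorization."""
    return path.startswith(PUBLIC_PREFIXES)


def cors_headers(path: str, origin: Optional[str]) -> Dict[str, str]:
    """Return the CORS response headers for a request to `path` from `origin`.

    - No Origin header: same-origin or non-browser client, nothing to add.
    - Public resource: "*" is fine, because anyone may read it anyway.
    - Private resource: echo the Origin only if it is on the allow-list, and
      add Vary: Origin so a shared cache never serves one origin's answer to
      another. Unknown origins get no CORS headers at all, so the browser
      blocks the cross-origin read.
    """
    if origin is None:
        return {}
    if is_public(path):
        return {"Access-Control-Allow-Origin": "*"}
    if origin in PRIVATE_ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


def browser_allows_read(origin: str, headers: Dict[str, str]) -> bool:
    """Simplified model of the browser's CORS check on a response.

    A script running on `origin` may read the response body only when the
    server answered with "*" or with exactly that origin.
    """
    allowed = headers.get("Access-Control-Allow-Origin")
    return allowed == "*" or allowed == origin


def dangerous_site_can_read(path: str) -> bool:
    """Would a script on the attacker-controlled dangerous.com (constructed
    origin from the article's scenario) be able to read `path` through the
    victim's browser, given the policy above?"""
    attacker_origin = "https://dangerous.com"
    return browser_allows_read(attacker_origin, cors_headers(path, attacker_origin))


if __name__ == "__main__":
    for p in ("/public/logo.png", "/internal/payroll.csv"):
        print(p, "readable by dangerous.com:", dangerous_site_can_read(p))
```

The important property is the last branch of cors_headers: an origin that is not on the allow-list gets no Access-Control-Allow-Origin header, rather than a reflected copy of whatever Origin the request carried, which is the mistake that turns a VPN-only file into something any page the user visits can read.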
A lazy programmer loves programming, but hates working, so they work as little as possible.
A lazy programmer finds every possible way to avoid working on the weekends.
A lazy programmer writes a lot of tests, so QA junks do not waste their time.
A lazy programmer documents their code, so that coworkers do not waste their time.
A lazy programmer is a master of delegation. After they have delegated a task, they immediately forget about it.
A lazy programmer does not edit long files; they teach regular expressions how to edit the file in their place.
A lazy programmer does not deploy to production; they instruct Jenkins to do that. Therefore a lazy programmer is not afraid of deploying on Friday afternoon.
A lazy programmer goes to the office as little as possible, preferably when other non-lazy people are not around, so they don't waste their time.
A lazy programmer knows the best tools of their trade, so that they can reuse other people's work as much as possible.
A lazy programmer is easy going, b