Archives for Browsers
How Can a Hacker Abuse Poor CORS Configuration?
Basic High Level Flow: The attacker hijacks your authentication credentials (your cookie) - and uses that to call a sensitive API. If the API is callable from 'all origins', then…
What the heck is CORS? Can CloudFlare help me with CORS security issues?
Why CORS Is Important (And How to Secure It): What is CORS and why is it important? CORS (Cross-Origin Resource Sharing)…
Preventing CORS – Server Explicitly Sets CORS Headers for an HTTP Request versus CloudFlare
How a Server Explicitly Sets CORS Headers for an HTTP Request: A server explicitly sets CORS headers by including them in the HTTP response to a cross-origin request. These headers…
Securing Browser Cookies in Outbound SSO: Best Practices
In an outbound Single Sign-On (SSO) scenario, a user logs into Site 1, which then authenticates access to Site 2. During this…
From Chrome, clear a specific site’s cached content
Type chrome://settings. Basically, go into the advanced tab under ‘clear browsing content’ and pick ‘Site Settings’.
Browser Reload without retrieving cached pages
It is a pain to clear out the cache every time while testing some simple client-side change in your web app. CTRL F5 reloads the page afresh, without checking the…
IE compatibility testing – Internet Explorer
I tried various tools including IE developer tools (in IE 11) – and IE Tester. These are all desktop based – and require software downloads and local testing. Someone pointed…