Don’t Snore on CORS
10.11.2021
Whatever, I just needed a title. Everyone’s favorite web security feature has crossed my desk a bunch of times lately and I always feel like that is a sign I should write something because that’s what blogging is.
The main …
Securing Your Website With Subresource Integrity
14.6.2021
When you load a file from an external server, you’re trusting that the content you request is what you expect it to be. Since you don’t manage the server yourself, you’re relying on the security of yet another third party …
Weekly Platform News: Reduced Motion, CORS, WhiteHouse.gov, popups, and 100vw
26.2.2021
In this week’s roundup, we highlight a proposal for a new <popup> element, check the use of prefers-reduced-motion on award-winning sites, learn how to opt into cross-origin isolation, see how WhiteHouse.gov approaches accessibility, and warn of the dangers of 100vh.…
What I Like About Vue
25.7.2019
Dave Rupert digs into some of his favorite Vue features and one particular issue that he has with React:
I’ve come to realize one thing I don’t particularly like about React is jumping into a file, reading the top for the state, jumping to the bottom to find the render function, then following...
Zoom, CORS, and the Web
23.7.2019
It's sorta sad but funny that that big Zoom vulnerability thing was ultimately related to web technology and not really the app itself.
There is this idea of custom protocols or "URL schemes." So, like gittower:// or dropbox:// or whatever. A native app can register them, then URLs that hit them...