Web security links

Links Linux/Curl
2018 JavaScript and XSS
- https://youtu.be/lTWGoL1N-Kc

CORS

Test cors headers with

curl -H "Origin: https://mydomain.nz" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With"   -X OPTIONS --verbose https://vigor.nz 2>&1 | grep -i "access\|cors"

Nginx set cors using map to check for $http_origin match

map $http_origin $cors_header {
    default "";
    "~^https?://(localhost|www\.yourdomain\.com" "$http_origin always";
}

server {
  more_set_headers "Access-Control-Allow-Origin: $cors_header";

...