Friday Links 0.0.1

This is based on an email I send my .NET team at work.

Happy Friday,

I come across a lot of interesting articles and stuff during the week and I wanted to pass some of it along. I’m going to try and keep doing this until people tell me it’s annoying.

I’ll generally have 2 or 3 links with brief commentary.

Enabling CORS in WebAPI

http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

Generally browsers prohibit JavaScript from making AJAX requests to other domains. This is a security mechanism so that if a site (maybe not even your own!) is susceptible to a cross-site-scripting vulnerability, the attacker won’t be able to trick the browser into performing actions the user didn’t intend.

For example, if our site had a /api/DeleteUser endpoint, and some random blog your user visited had an XSS vulnerability, the attacker could inline some JavaScript that made an AJAX POST to http://ourdomain.com/api/DeleteUser. The no cross-origin request policy protects us from this.

When CORS is enabled on the API server, it tells the browser, “yes, it’s OK to let those requests through as long as they originated from ‘ourdomain.com’ or ‘ourotherdomain.com’”. You might use this if you wanted to share a single API server across multiple different web site front-ends, or if you were building a service whose explicit purpose was to be used on any number of websites.
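
To make the allowlist idea concrete, here is an added example (not from the linked article and not Web API's own code) that models in JavaScript the per-request decision a CORS-enabled API server makes. The `https://` scheme on the two domains, the allowed methods, and the `corsHeaders` function name are assumptions for illustration.

```javascript
// Origins the API trusts. Domains come from the text above; the scheme is assumed.
const ALLOWED_ORIGINS = new Set([
  "https://ourdomain.com",
  "https://ourotherdomain.com",
]);
const ALLOWED_METHODS = ["GET", "POST"]; // assumed for this example

// Returns the CORS headers to attach to the response, or {} when the
// browser should not be told the cross-origin call is permitted.
function corsHeaders(method, requestHeaders) {
  const origin = requestHeaders["origin"];
  // Exact match on scheme + host + port. Suffix or substring checks would
  // also accept look-alike hosts, so they are deliberately not used.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return {};
  }
  const headers = {
    "Access-Control-Allow-Origin": origin, // echo the one matched origin
    "Vary": "Origin", // caches must not reuse this response for other origins
  };
  // A preflight is an OPTIONS request asking which method will be permitted.
  const wanted = requestHeaders["access-control-request-method"];
  if (method === "OPTIONS" && wanted) {
    if (!ALLOWED_METHODS.includes(wanted)) {
      return {}; // no CORS headers: the browser blocks the real request
    }
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed sample requests (not captured traffic).
const samples = [
  ["GET", { origin: "https://ourdomain.com" }],
  ["POST", { origin: "https://random-blog.example" }],
  ["GET", { origin: "https://ourdomain.com.example" }],
  ["OPTIONS", { origin: "https://ourotherdomain.com",
                "access-control-request-method": "POST" }],
  ["OPTIONS", { origin: "https://ourotherdomain.com",
                "access-control-request-method": "DELETE" }],
];
for (const [method, hdrs] of samples) {
  console.log(method, hdrs.origin, "->", JSON.stringify(corsHeaders(method, hdrs)));
}
```
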

Nerdery HTML/CSS Standards

https://github.com/thenerdery/html-css-standards

I think it’s really helpful for us to at least be familiar with how our client side teams do HTML and CSS. If you’re like me, you probably feel like you can “get things done” in the front-end, but have probably not really given it much study. But I think there’s a lot of value in server side focused developers who maintain a passing familiarity with how client-side development works. It will let you help make small changes, decide how to integrate the client side build in the CMS or framework, and make you a better technical resource for clients.

Did you know there was a difference between dashes (-) and underscores (_) in our CSS? Or the reasoning for why so many elements have a half dozen classes on them? Or why you should avoid element and nested selectors?

I read through these and realized everything I thought I knew about CSS was wrong.

Have a look and see what you think.