This is based on an email I send my .NET team at work.
I come across a lot of interesting articles and stuff during the week and I wanted to pass some of it along. I’m going to try and keep doing this until people tell me it’s annoying.
For example, if our site had a /api/DeleteUser endpoint, and some random blog your user visited had an XSS vulnerability, the attacker http://ourdomain.com/api/DeleteUser. The no cross-origin request policy protects us from this.
When CORS is enabled on the API server, it tells the browser, “yes, it’s OK to let those requests through as long as they originated from ‘ourdomain.com’ or ‘ourotherdomain.com’”. You might use this if you wanted to share a single API server across multiple different web site front-ends, or if you were building a service whose explicit purpose was to be used on any number of websites.
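As an added example (not code from the original email), here is how that origin allowlist might look in an ASP.NET Core `Program.cs`, with the permissive setting shown beside it for contrast. The policy name, the `https` scheme, the allowed methods and headers, and the endpoint handler are assumptions for illustration; a web project with implicit usings is assumed.

```csharp
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddCors(options =>
{
    // Weak: tells the browser that a page on ANY origin may call the API.
    // Only appropriate for a service meant to be embedded on any website.
    // options.AddPolicy("Anyone", p => p.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());

    // Allowlist: only our own front-ends. An origin is scheme + host + port,
    // so "https://ourdomain.com" does not cover "http://ourdomain.com".
    options.AddPolicy("FrontEnds", p => p
        .WithOrigins("https://ourdomain.com", "https://ourotherdomain.com")
        .WithMethods("GET", "POST", "DELETE")
        .WithHeaders("Content-Type", "Authorization"));
});

var app = builder.Build();

// Must run before the endpoints so preflight (OPTIONS) requests are answered.
app.UseCors("FrontEnds");

// Hypothetical handler standing in for the endpoint mentioned in the text.
// CORS is enforced by the browser; the endpoint still needs its own
// authentication and authorization checks on the server side.
app.MapDelete("/api/DeleteUser", () => Results.NoContent());

app.Run();
```

A request from an origin outside the list gets no `Access-Control-Allow-Origin` header in the response, so the browser refuses to hand the result to the calling page.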
I think it’s really helpful for us to at least be familiar with how our client side teams do HTML and CSS. If you’re like me, you probably feel like you can “get things done” in the front-end, but have probably not really given it much study. But I think there’s a lot of value in server side focused developers who maintain a passing familiarity with how client-side development works. It will let you help make small changes, decide how to integrate the client side build in the CMS or framework, and make you a better technical resource for clients.
Did you know there was a difference between dashes (-) and underscores (_) in our CSS? Or the reasoning for why so many elements have a half dozen classes on them? Or why you should avoid element and nested
I read through these and realized everything I thought I knew about CSS was wrong.
Have a look and see what you think.