TL;DR: I’ve just released jub0bs/cors, a new CORS middleware library for Go, perhaps the best one yet. It has some advantages over the more popular rs/cors library, including a simpler API, better documentation, extensive configuration validation, a useful debug mode, and stronger performance guarantees. Here is a representative example of client code: package main import ( "io" "log" "net/http" "github.com/jub0bs/cors" ) func main() { mux := http.NewServeMux() mux.HandleFunc("GET /hello", ha...| jub0bs.com
TL;DR: In this post, I investigate why developers struggle with CORS and I derive Fearless CORS, a design philosophy for better CORS middleware libraries, which comprises the following twelve principles: Optimise for readability; Strive for a simple and cohesive API; Provide support for Private Network Access; Categorise requests correctly; Validate configuration and fail fast; Treat CORS as a compilation target; Provide no default configuration; Do not preclude legitimate configurations; Ease trou...| jub0bs.com
On January 17th 2023, X41 and GitLab published a report of the source code audit they performed on Git (funded by the OSTIF foundation).| Blog of Litchi Pi
Website with the collection of all the cheat sheets of the project.| cheatsheetseries.owasp.org
Found 99 vulnerabilities (84 moderately irrelevant, 15 highly irrelevant)| overreacted.io