Same-origin policies play an important role in web security, to protect data. In this course, learn how to develop secure, interactive sites.
Overview
Syllabus
Introduction
- Working with browser security features
- What you should know
- Set up your environment
- Configure servers for testing
- Understanding same-origin policies
- Defining an origin
- Cross-site scripting attacks
- Cross-site request forgery attacks
- Cross-origin resource sharing
- Create a permissive Access-Control-Allow-Origin header
- Create a tailored Access-Control-Allow-Origin header
- The Content-Security-Policy header
- Build a Content Security Policy header
- Create a Content Security Policy meta element
- Create a Content Security Policy for a widget
- Create a highly restrictive Content Security Policy
- The Strict-Transport-Security header
- Implement the Strict-Transport-Security header
- Include subdomains in Strict-Transport-Security
- Add a domain to the Strict-Transport-Security preload list
- Code that communicates across windows
- Implement the postMessage method
- Work with a received message
- Specify the target domain for a message
- Specify the allowed message sender origin
- Use cross-window data in an app
- How cookie origins are defined
- Restrict a cookie to a subdomain
- Share cookies across subdomains
- Restrict the path of a cookie
- Limit a cookie to the same site
- Work with server-only cookies
- Next steps
Taught by
Sasha Vodnik
