Monday, June 25, 2018

Cross-Origin Read Blocking

CORB is an algorithm for flagging, and not proceeding with, alarming API endpoints that have CORS (Cross-Origin Resource Sharing) opened up and are readable, but that you nonetheless should not want to read from because they are sinister somehow. To understand this, imagine the difference between medicine locked up in the medicine cabinet (no CORS) and a bottle of poison sitting out freely available (no CORB). Beyond your Ethernet (LAN), be careful what you drink.
