CORS to JSONP - sgml/signature GitHub Wiki
- Add comments
- Understand the tests
- Experiment on both sides of the equation
- https://digital.gov/2014/07/14/working-with-apis-for-non-coders-recap/
- https://www.usps.com/business/web-tools-apis/documentation-updates.htm
- https://www.federalregister.gov/reader-aids/developer-resources/rest-api
- https://developer.companieshouse.gov.uk/api/docs/index/gettingStarted/introductionToAPI.html
- https://developers.arcgis.com/javascript/3/jshelp/inside_esri_request.html
- https://www.gov.uk/guidance/gds-api-technical-and-data-standards
- https://www.bing.com/api/maps/sdk/mapcontrol/isdk/geojsonreadexternal
CORS
- https://metacpan.org/pod/Plack::Middleware::CrossOrigin
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/07-Testing_Cross_Origin_Resource_Sharing.html
- https://chromium.googlesource.com/chromium/src/+/HEAD/android_webview/docs/cors-and-webview-api.md
- http://blogs.reliablepenguin.com/2017/04/13/test-cors-curl
- https://reqbin.com/req/c-taimahsa
- https://owasp.org/www-community/attacks/CORS_OriginHeaderScrutiny
- https://www.wikihow.com/Enable-Cross-Origin-Resource-Sharing-%28CORS%29-for-Sharing-Resource-Using-Apache-Servers%2C-PHP-and-Jquery
- https://cors-errors.info/faq
- https://www.w3.org/2011/webappsec/track/actions/46
- https://wiki.mozilla.org/Security/Origin
CSRF
- https://security.stackexchange.com/questions/9096/how-an-iframe-can-cause-xsrf
- https://security.stackexchange.com/questions/8099/is-it-possible-to-forge-a-post-request
- https://blog.codinghorror.com/cross-site-request-forgeries-and-you/
- https://security.stackexchange.com/questions/158045/is-checking-the-referer-and-origin-headers-enough-to-prevent-csrf-provided-that
- https://engineering.mixmax.com/blog/modern-csrf/