Localhost and Subdomains - sgml/signature GitHub Wiki

Basic CORS for localhost development

  1. Add your subdomain to the Origin Request header, e.g. foo.bar.com

  2. Add the Access-Control-Allow-Origin Response header with your localhost value, e.g. localhost:9999

  3. Add the Access-Control-Allow-Credentials Response header with a value of true

Example

Request Headers

Host: example.com
Origin: https://localhost:8081
Referer: https://localhost:8081

Response Headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost:8081
Vary: Origin,Accept-Encoding,User-Agent
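
The following is an added example, not code from the original wiki page: one way a server could choose the response headers shown above, by matching the request's Origin against an exact allowlist and echoing it back only on a match. The names `ALLOWED_ORIGINS`, `normalizeOrigin` and `corsHeaders` are hypothetical, and the https scheme for foo.bar.com is an assumption.

```javascript
// Added example; ALLOWED_ORIGINS, normalizeOrigin and corsHeaders are hypothetical names.
const ALLOWED_ORIGINS = new Set([
  "https://localhost:8081", // local dev origin from the example headers
  "https://foo.bar.com",    // subdomain from step 1 (https scheme assumed)
]);

// Return the serialized origin (scheme://host[:port]) or null when the value is
// not a plain http(s) origin, e.g. "null", a bare "localhost:8081", or a URL with a path.
function normalizeOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.origin === value.toLowerCase() ? url.origin : null;
}

// Build the CORS response headers for one request's Origin header.
function corsHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Always vary on Origin so a shared cache never replays another origin's headers.
  const headers = { Vary: "Origin" };
  const origin = normalizeOrigin(requestOrigin);
  if (origin !== null && allowed.has(origin)) {
    // With credentials the browser requires the exact origin here, never "*".
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Constructed sample Origin values: one allowed, four that must be refused.
for (const sample of [
  "https://localhost:8081",
  "http://localhost:8081",              // wrong scheme
  "https://localhost.example.net:8081", // lookalike host
  "localhost:8081",                     // no scheme, so not an origin
  "null",                               // sent by sandboxed or file: contexts
]) {
  console.log(sample, "->", JSON.stringify(corsHeaders(sample)));
}
```
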
