As I'm getting close to my fifth month at Dashlane, I have given my second presentation to engineers within the Web Product Team.
The presentation aims to be a high-level introduction to Cross-Origin Resource Sharing.
It covers the key concepts needed to approach CORS:
- Origin
- Same-Origin Policy
- Cross-Site Request Forgery (CSRF)
- OPTIONS preflight requests
It also tells the tale of a CORS twist in the context of a Chrome Web Extension.
Finally, the presentation mentions the quickly evolving web security landscape in a post-Spectre world.
This presentation is also kind of meant as a not-so-subtle invitation to:
- double-check your cross-origin setup.
- be wary of relying on defaults implemented by browsers.
- not blindly trust the specifications.
Open “Cross-Origin Resource Sharing For The Web (Extension) (3.99MB pdf)”.
This presentation was given over video conference using screen sharing, in about 30 minutes excluding questions.