As I'm getting close to my fifth month at Dashlane, I have given my second presentations to engineers within the Web Product Team.
The presentation aims to be a high-level introduction to Cross-Origin Resource Sharing.
It covers the key concepts needed to approach CORS:
- Same-Origin Policy
- Cross-Site Request Forgery (CSRF)
- OPTIONS preflight requests
It also tells the tale of a CORS twist in the context of a Chrome Web Extension.
Finally, the presentation mentions the quickly evolving web security landscape in a post-spectre world.
This presentation is also kind of meant as a not so subtle invitation to:
- double-checking your cross-origin setup.
- being wary of relying on defaults implemented by browsers.
- not blindly trusting the specifications.
Open “Cross-Origin Resource Sharing For The Web (Extension) (3.99MB pdf)”.
This presentation was given over video conference using screen sharing, in about 30 minutes excluding questions.