Cross-Origin Resource Sharing (CORS)
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
What requests use CORS? The cross-origin sharing standard can enable cross-origin HTTP requests for:
- fetch() and XMLHttpRequest calls to another origin
- Web fonts (cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so
- WebGL textures
- Images/video frames drawn to a canvas using drawImage()
- CSS Shapes from images
Simple requests: some requests don't trigger a CORS preflight. A request is "simple" when its method is GET, HEAD or POST, it only carries CORS-safelisted headers (Accept, Accept-Language, Content-Language, Content-Type) and any Content-Type is application/x-www-form-urlencoded, multipart/form-data or text/plain. The browser sends such a request to the server without asking first; CORS only decides whether the calling page may read the response. A preflight (OPTIONS) is sent for anything else, e.g. PUT/DELETE, custom headers or Content-Type: application/json.
What is an HTTP cookie?
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with later requests to the same server. Typically it is used to tell whether two requests came from the same browser, keeping a user logged in, for example. It remembers stateful information for the stateless HTTP protocol. Because a session cookie is effectively the user's credential, set it with Secure (HTTPS only), HttpOnly (not readable from JavaScript) and SameSite (not attached to most cross-site requests).
Takeaways from HTTP basics
- Always send sensitive data with POST, never in a GET request: query strings end up in browser history, server logs, proxies and the Referer header.
- Always send a redirect after a successful login, so the POST carrying the credentials is not re-submitted on refresh or kept in the browser's back/forward cache.
- Always create a new session after a successful login, so a session ID an attacker planted before login (session fixation) never becomes an authenticated one.