Quoting from here, If a resource is delivered with a policy that includes a directive named frame-ancestors and whose disposition is "enforce", th ...
I understand at a high level why one would not want to allow arbitrary code to execute in a web browser via the JS eval() function. But I wonder if t ...
I have an nginx reverse proxy serving multiple small web services. Each of the servers has different domain names, and are individually protected with ...
I'm aware passwords should be hashed/salted on backend and HTTPS should be used for transportation. My concern is that, on account registration, there ...
I have a REST API backed with Symfony 4.3 and NelmioCorsBundle for the CORS. I would like to understand if by definition/best practice, it's correct t ...
I want to know if it is possible to make a security key out of a normal USB. I am using the WebAuthn API for PHP at the moment on a Windows 10 device, if ...
I have a controller form application and the security team said there is a vulnerability: you can put any user_id from Postman inside the controlle ...
I am somewhat confused by how web security works in general so I hope someone can clear things up for me. Can I rely on HTTPS on the integrity (be ...
I have a problem that requires me to hide/change the actual window size of my browser from the web server. I mean the web server should learn wrong in ...
I am writing a shopping cart component in React and my boss says I shouldn't use CSS in HTML because it can be hacked. If he had said good coding practi ...
I've been following issues such as this one in order to figure out how to implement Authentication without WebSecurityConfigurerAdapter, but my code s ...
This is my code window.open(`${process.env.REACT_APP_APACHE_SUPERSET_URL}/superset/sqllab/`, "_blank") ...
For example I am testing a website and I found some invalid (error) pages. You visit the page and receive status code 500. But now if you reload the p ...
This delete button will only call the controller method if I remove the ValidateAntiForgeryToken attribute. How can I change either of these methods t ...
I have hard-coded the username and password from plain JavaScript, which are required by an API. But I want to take them from Azure or any other sourc ...
I am facing a strange issue today: in my web directory, "index.php" and ".htaccess" files are being created automatically; when I delete them they are creat ...
Is it necessary to apply the Content-Security-Policy Header to all resources on your domain (images/CSS/JavaScript) or just web pages? For example, I ...
I am building an application that spans over several parts of infrastructure. An end-user can sign in to a portal using OAuth 2.0 authorization code ...
There's lots of general info about preventing API key leaks, but I'm having trouble finding proper procedure specifically for making an HTTP GET reque ...