I #knew that even #attempting to #implement the #emoji rendering would be #hell in #javascript

Maybe I'll leave it be #php only, just like the #soundcloud renderer

https://ibb.co/qRDP0kL
https://i.ibb.co/HrKkNnL/Screenshot-2023-09-10-18-24-12.jpg

(This is why I #troubleshoot critical #network code in #php first, not #cors , no #noresult)

#BrokenCodeAlcea

Useful trick shared by @dveditz: when debugging Content Security Policy issues, you can get some helpful information in the console using

document.body.addEventListener(
"securitypolicyviolation",
(e) => { console.log(e) }
)

For more info, see https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent

#CSP #CORS

My brain every time someone mentions #CORS

Hat sich an #Nominatim irgendwas geändert? Das Suchfeld in meiner Karte tut nicht mehr wegen #CORS

📬 AnimeDao.to hat illegales Streaming-Portal geschlossen
#Rechtssachen #Streaming #Szene #ACE #animedaoto #bunnycdnnru #CORS #CrossOriginResourceSharing #gogoanime #WatchLegally https://tarnkappe.info/artikel/rechtssachen/animedao-to-hat-illegales-streaming-portal-geschlossen-278901.html

Configuring #CORS is such a pain in the ass (at least on #nginx )

When it comes to Cross-Origin Resource Sharing (#CORS), I find that a lot of engineers out there are so confused about reasons and ideas. Everyone knows the abbr by heart yet when it comes to the security aspect they simply put `Access-Control-Allow-Origin: *` and call it a day.

Just found the other day a cool article explaining what CORS is, why it exists, and what headers and when to return. Screenshots and detailed guide included!

https://ieftimov.com/posts/deep-dive-cors-history-how-it-works-best-practices/

As much as I #love #php

I think #clientside #Javascript wins for most usecases as you don't need a #special #website \ #webserver..

But I like #linking to #phps or perhaps make their #output #download as #blob ..

Guess thats how things are.

Noway am I gonna rely on #serverside #languages...

#CORS be damned !

#CodeAlcea

https://andrewlock.net/making-authenticated-cross-origin-requests-with-aspnetcore-identity/ #DotNet #Identity #Cors #AspDotNet

I successfully implemented an allow list for #CORS headers in #PHP!

$allowedOrigins = ["https://friendly.site"];

header("Access-Control-Allow-Headers: Origin,Accept, X-Requested-With, Content-\
Type, Access-Control-Request-Method, Access-Control-Request-Headers");

$headers = apache_request_headers();
if (!array_key_exists("Origin", $headers)) {
return;
}

if (in_array($headers["Origin"], $allowedOrigins)) {
header("Access-Control-Allow-Origin: " . $headers["Origin"]);
}

I have been using #caddy server lately, and I really like it. Have created a small blog entry regarding #cors in Caddy, because it seems that there is quite some confusion about it: https://www.auxnet.de/en/blog/caddy-server-cors-and-preflight-requests/

(notreally) #BrokenCodeAlcea

This #php works #flawlessly from byethost .. but #not from webapp000 ( result = 0b)

Why ?
#http ? #CORS ? #ImSoConfused :blobcatgooglyholdingitsheadinitshands:

<̲?̲p̲h̲p̲
̲f̲i̲l̲e̲_̲p̲u̲t̲_̲c̲o̲n̲t̲e̲n̲t̲s̲(̲"̲y̲o̲u̲r̲p̲a̲g̲e̲z̲.̲h̲t̲m̲l̲"̲,̲ ̲f̲i̲l̲e̲_̲g̲e̲t̲_̲c̲o̲n̲t̲e̲n̲t̲s̲(̲"̲h̲t̲t̲p̲:̲/̲/̲a̲l̲c̲e̲a̲w̲i̲s̲t̲e̲r̲i̲a̲.̲b̲y̲e̲t̲h̲o̲s̲t̲7̲.̲c̲o̲m̲/̲P̲H̲P̲/̲0̲d̲e̲m̲o̲/̲2̲0̲2̲3̲-̲0̲3̲-̲2̲5̲-̲B̲o̲x̲N̲e̲t̲/̲y̲o̲u̲r̲p̲a̲g̲e̲.̲h̲t̲m̲l̲"̲)̲)̲;̲
̲?̲>̲

https://dev.to/jfbrennan/cors-checklist-1j5d - #CORS (cross-origin web requests) is hard. Thanks for the quick checklist of both client and server items https://github.com/jfbrennan.

Here is a #PodcastStandardsProject #PSP discussion for requiring hosts to enable #CORS and HTTP conditional requests headers
Based on an analysis of top 40 hosts by number of feeds, there are still a lot of gaps there❗🤯

https://github.com/Podcast-Standards-Project/PSP-1-Podcast-RSS-Specification/issues/2 :github:

#BrokenCodeAlcea #CORS
#JS

CrossDomain load

https://stackoverflow.com/questions/29629624/how-to-load-a-cross-domain-page-using-javascript

I'm after a good, no-nonsense (but very much common sense) guide to #CORS, a concept which I clearly have failed to understand. Any suggestions?

@fionagehring as un #cors de dança? Quin tipe de dança ei? Minjar damb tòn #gojat ei fantastic! A viatges era gent sonque se ve damb era sua parelha per sopar, dempús d'un dia complèt dehora de casa!

So... then I got the bright idea of having my version of the Swords & Wizardry treasure generator call my hosted version of hex-describe to get what the treasure is contained in and guarded/hidden by.

Umm... yea.

* CORS.
* async javascript fetches.
* setting values to Dom objects then parsing them.

OK, it's kinda cool that this works but... sheesh.

#ttrpg #HexDescribe #JavaScript #CORS #IHatesIt

I have been working with #CORS for some time now. But today I finally found this great resource and it greatly reduced the amount of confusion I still had about cross-origin requests.
(Also a great resource to experiment.) #WebDev
https://jakearchibald.com/2021/cors/

I ran into all the #CORS errors today ... It's kind of frustrating trying to use #javascript #module 's in the #browser.