Borek Bernard – WindowsTechs.com

Would "same-origin cookies" make sense?

Posted on July 14, 2021 by Borek Bernard

I have read Incrementally Better Cookies, a couple of web.dev articles and tried to google for "same-origin cookies" but could not find anything so I wonder if this is being worked on.
SameSite=Strict & Lax are a very good pr… Continue reading Would "same-origin cookies" make sense?→

Difference between `Access-Control-Allow-Origin: *` (wildcard) and specific origins

Posted on June 17, 2021 by Borek Bernard

I have a mostly public API with some parts of it "credentialed" behind cookies, similarly to e.g. how WordPress’ REST API works. (In our case, it’s a GraphQL API but that shouldn’t matter.)
I want to enable CORS for it and am con… Continue reading Difference between `Access-Control-Allow-Origin: *` (wildcard) and specific origins→