Security

Question 1

In computing, the ______-_______-_____ is an important concept in teh web applciation security model.

Answer 1

same-origin-policy

Question 2

Under teh same-origin-policy, a web browser permits scripts caontined in a first web apge to access data in a second web page, but only if both web pages have the same origin. This is done to prevent _______.

Answer 2

Cross site scripting - XSS.

Question 3

T or F

(SOP) same-origin-policy is enforced by web browsers and ignored by tools like postman and curl.

Answer 3

True

Question 4

____ is one way the server at the other end (not the client code in the browser) can relax the same-origin-policy.

Answer 4

Cross origin resource sharing (CORS)

Question 5

______ is a machanism that allows restricted resources (ie: fonts) on a web page to be requested from another domain outside the domain from which the first resource was served.

Answer 5

Corss origin resource sharing (CORS)

Question 6

Cross Origin Resource Sharing (CORS)

• browser makes an HTTP options call for a URL
• options is an HTTP method like Get, Put, and Post

Server returns a resonse that says:

“These other domains are approved ti Get this URL”

-Error - “Origin policy can’t be read at the remote resource?”

You need to enable CORS on API GW

Answer 6

just read the other card.