Web Security

As I’m building out my homelab I want to make sure everything is running securely with HTTPS and ssl everywhere. If I can run everything production like it will make it much easier to graduate any services to the public later much easier. Although I have no plans on making my PostgreSQL instance public, it will be running on my local network which has a lot of different devices. It seems prudent to ensure all connections to the PostgreSQL service is encrypted. ...

Cross-Origin Resource Sharing (CORS) is something I keep running headlong into and is always notoriously difficult to debug. So I decided to dig deep into CORS and get a better understanding of what it is, why it works the way it does, and how to best work with it. To understand CORS we first need to look at web browsers and how they communicate with web services. An HTTP request is sent either through a user interaction to the browser, or a script that runs on the page. When the request is made, the browser will check it’s local storage for any cookies and send those along with the request. ...