Every so often I read an article and think, 'wow, this is gold! I wish more people knew about it', but just can't find a proper way to share it. Twitter might be a nice place to go to, but those links are almost always left forgotten along with other overloaded information. There should be somewhere quieter, specific to web tech, that can record and remember. That's when I came up with this post. I'm going to try posting my reading digests, sometimes just links, for a few weeks and see where it goes – it might end up nowhere or turn into a weekly newsletter. The content is mostly web-related, but sometimes I might wander off a bit.
1. About cross-site cookie
It's been 7 months since Chrome started enforcing the SameSite cookie attribute in its v80+ browsers. Now Firefox has also introduced a similar strategy, both to prevent CSRF (Cross-Site Request Forgery) and as part of its privacy protection strategy against trackers.
It's a big deal for web developers. If you aren't familiar with it and wonder what all the fuss is about, here's Heroku's detailed insight regarding Chrome's SameSite attribute.
2. Deep dive into CSRF
Many people might think CORS (Cross-Origin Resource Sharing) itself can prevent CSRF. It's not true. CORS prevents the request sender from reading the response, but the request is still made anyway: it reaches the server with the victim's cookies attached, and its side effects happen whether or not the attacker can see the reply. CSRF, unlike XSS (Cross-Site Scripting), doesn't necessarily need to read the response. I highly recommend Rob Brown's article on this issue, and he's got a great example to demonstrate:
Luckily we now have some browsers safeguarding the first gate.
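As an added illustration (not code from this post or the articles it links), here is a small model of the Chrome 80+ SameSite rules behind items 1 and 2: it parses a Set-Cookie header and decides whether the browser would attach that cookie to a given request, which is why a cross-site POST no longer carries a default session cookie. The cookie names and request shapes are made up; Chrome's two-minute "Lax+POST" grace period and the https-only rule for Secure cookies are not modelled.

```javascript
// Added example: a model of Chrome 80+ SameSite cookie handling.
// It is a simplification for illustration, not the browser's real code.

// Parse one Set-Cookie header value into name/value plus the two
// attributes that matter for SameSite enforcement.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    secure: false,
    sameSite: "Lax", // Chrome 80 default when the attribute is absent
  };
  for (const attr of attrs) {
    const [k, v] = attr.split("=");
    const key = k.toLowerCase();
    if (key === "secure") cookie.secure = true;
    if (key === "samesite") {
      const norm = (v || "").toLowerCase();
      // Unrecognised values fall back to the Lax default.
      cookie.sameSite =
        norm === "strict" ? "Strict" : norm === "none" ? "None" : "Lax";
    }
  }
  // Chrome 80 rejects SameSite=None unless the cookie is also Secure.
  if (cookie.sameSite === "None" && !cookie.secure) return null;
  return cookie;
}

// Decide whether the browser attaches `cookie` to a request.
//   crossSite:   the initiating site differs from the cookie's site
//   topLevelNav: a top-level navigation (link click, form submission)
//   method:      HTTP method of the request
function cookieIsSent(cookie, { crossSite, topLevelNav, method }) {
  if (!crossSite) return true; // same-site requests always carry it
  switch (cookie.sameSite) {
    case "Strict":
      return false; // never on cross-site requests
    case "None":
      return true; // explicit opt-in (and Secure, enforced above)
    default:
      // Lax: only cross-site top-level GET navigations, so an auto-submitted
      // POST form or a fetch() from another site does not carry the cookie.
      return topLevelNav && method.toUpperCase() === "GET";
  }
}
```

The CSRF case from item 2 is the Lax branch: the forged request still leaves the attacker's page, but it arrives without the session cookie.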
3. How to send a cookie with a cross-origin XMLHttpRequest from a Chrome extension
Let's face it, Chrome's extension developer documentation sucks. When I try to learn best practices by inspecting other people's extensions, permission abuse is not uncommon. This article is more like a footnote to the Chrome Developer documentation. It's all about 'best practice'.
4. About design
This is the best discovery in this week's random web strolling. Audi's design system is so elegant and consistent with its brand image. I love love love them!
5. About wording
Running out of action verbs in your CV? Imperial College in London offers an extensive list: