Why are cross-origin POST requests with Content-Type 'application/json' considered to be unsafe?

According to Safe headers – the only allowed custom headers are: ... Content-Type with the value application/x-www-form-urlencoded, multipart/form-data or text/plain. If I understand the consequences correctly: Sending a cross origin POST request with Content-Type header application/json will first trigger…


Iframe origin error in Safari due to CSS rule

I have replicated an error as shown below in Safari: Blocked a frame with origin "thepagedomain" from accessing a frame with origin "theiframesourcedomain". Protocols, domains, and ports must match. With the following very simple page: <html><head> <style> #iframe{ width: 100%;…

