{"id":18023842,"url":"https://github.com/bendera/cors-presentation","last_synced_at":"2026-01-29T10:02:07.967Z","repository":{"id":89334659,"uuid":"242012960","full_name":"bendera/cors-presentation","owner":"bendera","description":null,"archived":false,"fork":false,"pushed_at":"2023-03-06T11:07:04.000Z","size":4223,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-04T09:05:08.714Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bendera.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-20T23:32:14.000Z","updated_at":"2025-03-30T00:46:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"112f563e-0b38-4bca-9495-435e118aa9a6","html_url":"https://github.com/bendera/cors-presentation","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/bendera/cors-presentation","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendera%2Fcors-presentation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendera%2Fcors-presentation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendera%2Fcors-presentation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendera%2Fcors-presentation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bendera","download_url":"https://codeload.gith
ub.com/bendera/cors-presentation/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendera%2Fcors-presentation/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28875445,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-29T09:47:23.353Z","status":"ssl_error","status_checked_at":"2026-01-29T09:47:19.357Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-30T07:10:49.945Z","updated_at":"2026-01-29T10:02:07.824Z","avatar_url":"https://github.com/bendera.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CORS Policy demo\n\nThis is a sample application to demonstrate the CORS policy capabilities. 
It\ncontains four websites/web services which are the following:\n\n\u003cdl\u003e\n  \u003cdt\u003enetbank.test\u003c/dt\u003e\n  \u003cdd\u003eAn imaginary banking SPA where \"protected\" content can be accessed after login.\nThe user/password is `admin/admin`.\u003c/dd\u003e\n  \u003cdt\u003ecdn.netbank.test\u003c/dt\u003e\n  \u003cdd\u003eStatic assets for the _netbank_ site like fonts, images, etc.\u003c/dd\u003e\n  \u003cdt\u003eapi.netbank.test\u003c/dt\u003e\n  \u003cdd\u003eThe backend service for the _netbank_ site.\u003c/dd\u003e\n  \u003cdt\u003efreeiphone.test\u003c/dt\u003e\n  \u003cdd\u003eA malicious site that tries to steal the sensitive data of the _netbank_\n  users.\u003c/dd\u003e\n\u003c/dl\u003e\n\n## Installation and setup\n\nInstall [chalet](https://www.npmjs.com/package/chalet) globally. This is a proxy\nserver that lets you create custom domains on your own machine.\n\n```\nnpm i -g chalet\n```\n\nRun `npm ci` in each directory under the packages folder. Or run\n`lerna bootstrap` from the root directory if it is installed.\n\nRun `chalet add \\\"npm run serve\\\"` in each directory under the packages folder.\nThis will add chalet configuration for each site.\n\nSet chalet up as a proxy server. The automatic config url is:\nhttp://localhost:2000/proxy.pac If you work in a restricted environment where\nmodifying the proxy settings is forbidden, use Firefox since it has its own\nproxy settings.\n\nThe chalet admin is accessible at https://chalet.test.\n\n## Branches\n\n### examples/no-cors\n\nCORS policy is not configured at all. The _netbank_ site is ugly, since the\nweb fonts cannot be downloaded. Another issue is the visible network error\nbecause the browser rejects all requests to `api.netbank.test` from\n`netbank.test`.\n\n### examples/cors-cdn\n\n`cdn.netbank.test` is configured correctly. The \u003cabbr title=\"Access-Control-Allow-Origin\"\u003eACAO\u003c/abbr\u003e\nheader value is `*`. 
It allows access from everywhere.\n\n### examples/misconfigured-cors\n\nThe `*` value is only applicable for requests without credentials. Unfortunately,\nonly one origin can be defined in the ACAO header. The (not too smart) solution\nis echoing the content of the `origin` header in the ACAO. However, with this,\nthe malicious `freeiphone.test` site can access the protected content[^1].\n\n### examples/cors-api\n\nOnly the whitelisted origins are echoed in the `api.netbank.test` ACAO; however, the browser doesn't\nkeep the session. The reason is that the `credentials` parameter is not set in the `fetch` request.\n\n### examples/preflight-request\n\nThe `fetch` API is called with the `credentials` parameter. The browser automatically sends an `OPTIONS`\nrequest to the server to ask about the server's capabilities before the `POST` request.\n\n[^1]: You have to disable blocking of third-party cookies in Firefox. [Screenshot](ff.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbendera%2Fcors-presentation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbendera%2Fcors-presentation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbendera%2Fcors-presentation/lists"}