Month: May 2019

Front-end & Back-end Interaction Section 4: CORS

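This is a comment I posted on a video site; in case I forget, I’ll translate it later…

I think there is a problem with explaining it this way: CORS and CSRF are not two branches of the same class of problem. CSRF can be seen as the starting point of the cross-origin problem, that is, the root of all evil. To deal with this root of all evil, browsers evolved the SOP (same-origin policy), which brought a lot of trouble to development work, and developers had to come up with all kinds of clever tricks to fetch data or resources across origins, for example JSONP. Later, HTML5 was born and it provided CORS, which made cross-origin work in development convenient. So CORS is the solution and CSRF is the root of all evil. CORS, as a solution, can have vulnerabilities, while CSRF itself is a vulnerability. The CORS vulnerability and the CSRF vulnerability shown in the video can easily cause confusion. The video also says that when a CORS vulnerability appears, it generally causes a CSRF vulnerability to appear. Of course it does: the response header settings the instructor demonstrated basically amount to switching off the SOP, so everything goes back to the starting point, and of course that brings you back to CSRF. CSRF and CORS are neither in a containing/contained relationship nor in a peer relationship. I hope newcomers will not go to Baidu and search for something like "what is the difference between CORS and CSRF" (obviously I have done exactly that before).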

Redux Practice Process

Note: This is not an article that explains what Redux is.

Step 1: Install "redux".
Step 2: Create a store directory under src/.
Step 3: Create store.js and reducer.js under src/store/.
Step 4: Think of the store as a data warehouse and the reducer as the warehouse manager. The store's constructor needs a reducer as a parameter, so firstly we …

Nginx Installation

Building and installing Nginx from source code instead of through a package manager lets you customize your installation and add extra modules to your server (e.g. libssl).

For the source code: https://nginx.org/en/download.html

To download the source code directly from the command line in Ubuntu: