CORS

• Reconfigurable CORS middleware with jub0bs/cors May 14
• jub0bs/cors: a better CORS middleware library for Go Apr 27

• A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF... May 5
• Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation) Feb 8

• Scraping the bottom of the CORS barrel (part 1) Aug 4
• CVE-2022-21703: cross-origin request forgery against Grafana Feb 8

• Subdomain takeover: ignore this vulnerability at your peril Feb 12