security

• Reconfigurable CORS middleware with jub0bs/cors May 14
• jub0bs/cors: a better CORS middleware library for Go Apr 27

• A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF... May 5
• Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation) Feb 8

• Subdomain takeover: ignore this vulnerability at your peril Feb 12

• Protecting your apps from link-based vulnerabilities: reverse tabnabbing, broken-link hijacking, and open redirects Jul 29