Pure vs. impure iterators in Go
Challenge: make this Go function inlinable and free of bounds checks
Why concrete error types are superior to sentinel errors
The cost of Go's panic and recover
Programmatic handling of CORS-configuration errors with jub0bs/cors
Reconfigurable CORS middleware with jub0bs/cors
jub0bs/cors: a better CORS middleware library for Go
A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF...
Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation)
Existence oracle for Secure cookies on insecure Web origins
Scraping the bottom of the CORS barrel (part 1)
CVE-2022-21703: cross-origin request forgery against Grafana
Abusing Slack's file-sharing functionality to de-anonymise fellow workspace members
Subdomain takeover: ignore this vulnerability at your peril
The great SameSite confusion
Protecting your apps from link-based vulnerabilities: reverse tabnabbing, broken-link hijacking, and open redirects
A glimpse at parametric polymorphism in Go: designing a generic bidirectional map
Leveraging an SSRF to leak a secret API key
Chaining an IDOR with a business-logic error to achieve critical impact
Plugging Git leaks: preventing and fixing information exposure in repositories
Summary of dotGo 2019
Access control in Go: a primer for Java developers
Defer: sweet, but no syntactic sugar