#cors


@iFSR @dm2lct @BitsUndBaeumeDresden
Even self-hosting is, for the company, too high a risk of giving away secrets.
Don't know whether this is current, but in the catalog even "hosting in Germany" is a feature you can book as an add-on. The question is, where else, in the #USA ?
Also available as add-ons are the confirmation that one is voting independently, iFrame permission (probably a #CORS rule ?) and the weighting.
That means the adjustment of the election results according to various formulas even before the official release, if I understand that correctly.

TIL that #CORS also stands for "cat–owner relationship scale". Delightful.

journals.plos.org/plosone/arti

journals.plos.org: Behavioral responses of domestic cats to human odor. People all around the world live with cats and cats engage in many social behaviors toward their owners. Olfaction is one of the most important sensory abilities in cats, yet its role in recognizing humans remains unclear. In this study, we assessed the role and characteristics of olfaction in the discrimination of known or unknown humans by cats using ethological methods. Whether cats exhibit a lateralization of nostril use in response to a variety of olfactory stimuli, exposure experience, inter alia, was investigated. Cats were simultaneously presented with three odor stimuli: that of a known person (owner), an unknown person, and a blank control. Responses to the cat 2 scale (Feline Five) and the cat–owner relationship scale (CORS) were collected from cat owners through questionnaires. It was observed that cats spent a substantially longer time sniffing the odor of an unknown person than that of a known person, indicating the use of their sense of smell to distinguish between heterospecific (human) individuals. While responding to odor stimuli from unknown humans, the cats displayed marked lateralization in the use of one nostril or another. An association was observed between the first odor the cat sniffed among known, unknown, and blanks and the personality score. A strong correlation was found between the number of repetitive sniffing odors and personality scores in male cats. No association was evident between the cat’s behavior and the cat–owner relationship score. Rubbing of their faces against an object immediately after sniffing it was observed and thus a possible relationship between the olfactory exploration and subsequent rubbing (odor-marking) behavior in cats is postulated. However, this relationship warrants further investigation along with the theory of whether cats are able to recognize a specific person from olfactory cues.

Cross-Origin Resource Sharing (CORS) is a critical concept in web development, ensuring secure interactions between different origins. In this episode, we delve into the intricacies of CORS, exploring its role in modern web applications, common challenges developers face, and effective strategies to resolve cross-origin issues.

#CORS #WebDevelopment #CrossOrigin #WebSecurity #JavaScript #DeveloperTips #TechPodcast

podcasts.apple.com/us/podcast/

Apple Podcasts: Understanding CORS: Solving Cross-Origin Resource Sharing Issues for Modern Web Apps. Podcast Episode · TechDaily.ai · 04/26/2025 · 15m

Been using #Vivaldi lately, largely because the #ZenBrowser has a problem with handling #CORS on #Angular apps, like #YouTube, meaning it fails to load videos.

The Zen team is ofc overtaxed and has a lot of things to do, I've been told - even though that just sounds like another "only I can drive" problem that requires recruitment.

In any case, it functions as expected - being a #Chrome based browser - but its proprietary nature is still dubious to me - as in its privacy is questionable.

It is always funny how fast configuration mistakes happen. We do have a review process, we usually test things. But sometimes there are things you can only test for real on the live system. Something like #CORS rules. And if then stress comes along and one does not test it right away users will trip over it.

In this case we added a seemingly innocent '/' at the end of 'Allowed-Origins'. Do not do this. This will block access from all paths behind it... (And I learn it every time anew).
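An added example, not part of the post above: browsers send the `Origin` header as `scheme://host[:port]` with no path or trailing slash, so an allow-list entry ending in '/' can never equal it under exact string comparison. The linter below flags such entries before deployment; the function names and `example.org` hosts are constructed for illustration.

```javascript
// Added example, not from the post. Hostnames are constructed sample values.

// A browser serializes an origin as scheme://host[:port]: lower-case host,
// default port omitted, never a path or trailing slash.
function lintAllowedOrigin(entry) {
  if (entry === '*') return 'wildcard: any origin matches; invalid with credentials';
  if (entry === 'null') return '"null" is shared by all opaque origins (e.g. sandboxed iframes)';
  let url;
  try {
    url = new URL(entry);
  } catch {
    return 'not an absolute URL';
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return 'scheme is not http or https';
  }
  if (url.origin !== entry) {
    return `not a serialized origin; browsers send "${url.origin}"`;
  }
  return null; // well-formed
}

// Returns only the entries that need fixing.
function lintAllowList(entries) {
  return entries
    .map((entry) => ({ entry, problem: lintAllowedOrigin(entry) }))
    .filter((finding) => finding.problem !== null);
}

// Server side: exact, case-sensitive comparison with the Origin header.
function corsHeadersFor(requestOrigin, allowList) {
  if (!allowList.includes(requestOrigin)) return {};
  return { 'Access-Control-Allow-Origin': requestOrigin, Vary: 'Origin' };
}

const ALLOW_LIST = [
  'https://app.example.org/',    // trailing slash, as in the post
  'https://admin.example.org',   // correct
  'https://API.example.org:443', // upper-case host and default port
];

for (const { entry, problem } of lintAllowList(ALLOW_LIST)) {
  console.log(`${entry}: ${problem}`);
}
console.log(corsHeadersFor('https://app.example.org', ALLOW_LIST)); // {}
```

Running the linter in CI catches the mistake without needing the live system.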

🚨 Help Needed: #CORS and #Cloudflare Access Issues with #Nextflux + #MiniFlux Setup 🚨

Hi everyone! I’m struggling with a #SelfHosted setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:

Setup

  • MiniFlux: Running in #Docker on a #RaspberryPi500 (#Stormux, based on #ArchLinuxARM).
  • Nextflux: Hosted on Cloudflare Pages.
  • Reverse Proxy: #Caddy (installed via AUR).
  • Cloudflare Access: Enabled for security and SSO.
  • Cloudflared: Also installed via AUR.
  • CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.

What’s Working

  • MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.
  • Nextflux is properly deployed on Cloudflare Pages.

The Problem

Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:

  1. CORS Error:

    Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
  2. Cloudflare Access Redirection:

    Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.
  3. Failed to Fetch:

    Failed to fetch: TypeError: Failed to fetch.

What I’ve Tried

  1. Service Token Authentication:

    • Generated a service token in Cloudflare Access for Nextflux.
    • Added CF-Access-Client-Id and CF-Access-Client-Secret headers in Caddy for rss.laniecarmelo.tech.
    • Updated Cloudflare Access policies to include a bypass rule for this service token.
  2. CORS Configuration:

    • Tried permissive settings (Access-Control-Allow-Origin: *) in both Caddy and MiniFlux.
    • Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.
  3. Policy Adjustments:

    • Created a bypass policy for my home IP range and public IP.
    • Added an "Allow" policy for authenticated users via email/login methods.
  4. Debugging Logs:

    • Checked Cloudflared logs, which show requests being blocked due to missing access tokens (AccessJWTValidator errors).

Current State

Despite these efforts:

  • Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.
  • The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.

Goals

  1. Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).
  2. Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).

My Environment

  • Raspberry Pi 500 running Arch Linux ARM.
  • Both Caddy and Cloudflared are installed via AUR packages.
  • MiniFlux is running in Docker with the following environment variables:

    CLOUDFLARE_SERVICE_AUTH_ENABLED=true
    CLOUDFLARE_CLIENT_ID=<client-id>
    CLOUDFLARE_CLIENT_SECRET=<client-secret>

Relevant Logs

From cloudflared:

ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"

From the browser console:

Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.

Questions

  1. Is there a better way to configure CORS for this setup?
  2. Should I be handling authentication differently between Nextflux and MiniFlux?
  3. How can I ensure that requests from Nextflux include valid access tokens?

Any help or advice would be greatly appreciated! 🙏
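An added example, not part of the post above: a triage function that names which step of the browser's CORS check a recorded response fails, showing how a login redirect answering a preflight surfaces as the "No 'Access-Control-Allow-Origin' header" error. The `{ method, status, headers }` record shape, the 302 status and the sample responses are constructed assumptions; the URLs are the ones quoted in the post, and only the origin and credentials checks are modelled.

```javascript
// Added example, not from the post. Response records are constructed.

// Case-insensitive header lookup on a plain object.
function header(res, name) {
  const key = Object.keys(res.headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key ? res.headers[key] : undefined;
}

// Returns a label for the first CORS condition the response fails.
function triage(res, pageOrigin, withCredentials) {
  const location = header(res, 'Location');
  if (res.status >= 300 && res.status < 400 && location) {
    const isLogin = new URL(location).pathname.startsWith('/cdn-cgi/access/login');
    const kind = isLogin ? 'access-login-redirect' : 'redirect';
    // A preflight must itself be answered with 2xx; a redirect fails it,
    // and the browser then reports the missing CORS header.
    return res.method === 'OPTIONS' ? `preflight-${kind}` : kind;
  }
  const acao = header(res, 'Access-Control-Allow-Origin');
  if (acao === undefined) return 'missing-acao';
  // "*" is rejected whenever the request carries cookies or other credentials.
  if (acao === '*' && withCredentials) return 'wildcard-with-credentials';
  if (acao !== '*' && acao !== pageOrigin) return 'origin-mismatch';
  if (withCredentials && header(res, 'Access-Control-Allow-Credentials') !== 'true') {
    return 'credentials-not-allowed';
  }
  return 'ok';
}

const PAGE_ORIGIN = 'https://nextflux.laniecarmelo.tech';
const LOGIN_URL =
  'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech';

// Constructed responses: preflight bounced to login, permissive wildcard, exact echo.
const SAMPLES = [
  { method: 'OPTIONS', status: 302, headers: { Location: LOGIN_URL } },
  { method: 'GET', status: 200, headers: { 'access-control-allow-origin': '*' } },
  { method: 'GET', status: 200, headers: {
    'Access-Control-Allow-Origin': PAGE_ORIGIN,
    'Access-Control-Allow-Credentials': 'true' } },
];

function runSamples() {
  return SAMPLES.map((res) => triage(res, PAGE_ORIGIN, true));
}

console.log(runSamples());
```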

You need to configure #CORS on a #golang server? Here are ten features that distinguish github.com/jub0bs/cors from other CORS middleware libraries:

1. a simple and coherent API
2. comprehensive documentation
3. extensive configuration validation
4. programmatic handling of configuration errors
5. safe-by-default middleware
6. a useful debug mode
7. on-the-fly, concurrency-safe middleware reconfigurability
8. strong performance guarantees
9. support for Private-Network Access
10. full compliance with the Fetch standard

Sponsors are welcome! github.com/sponsors/jub0bs

GitHub: jub0bs/cors: perhaps the best CORS middleware library for Go. Contribute to jub0bs/cors development by creating an account on GitHub.

Web Scraping with your Web Browser: Why Not?

Link
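📌 Summary: This article explores the possibility of doing web scraping inside the web browser, rejecting the traditional practice of relying solely on Python and Beautiful Soup. The author points out that although some extension tools claim to scrape without any coding, this only works for simple websites. Historically, the way JavaScript developed meant that its use for web scraping progressed slowly. The article explains in detail how to handle CORS issues and how to use a proxy server, gives a simple example, and guides readers in building their own scraper in a few lines of code. Finally, the author mentions the browser's advantages for retrieving data and suggests continuing to develop a local proxy server.

🎯 Key Points:
- Web scraping is commonly done in Python; JavaScript is used less.
- CORS (Cross-Origin Resource Sharing) affects what JavaScript can access; solutions include using a proxy server.
- Using a local proxy server is more effective for more complex scraping work.
- A simple scraper example is provided that can be run directly in the browser.
- Emphasizes that web data scraping can be done in the browser without cumbersome third-party tools.

🔖 Keywords: #WebScraping #JavaScript #CORS #ProxyServer #DataExtraction
readhacker.news: Web Scraping with your Web Browser: Why Not?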

Ok I guess I'll have to give up again quite quickly 😦

#Microsoft #Teams is broken for me as soon as I disable #IPv4. From what I could understand in this horrible mess of a "web app", the reason is probably some #CORS error. I have no idea how that could ever be related to #IPv6 or #NAT or anything. Tried temporarily disabling #NAT64 (to force direct v6 connections), tried adding all of Microsoft's v6 networks to the "exclude" option of bind9 to have everything pass #NAT64 *avoiding* native IPv6, tried several ways to disable CORS, nothing helped. 🤬

Anyone know about these issues with teams?

edit: to clarify, "everything" seems to work except for the main purpose: join an actual call ...


@StevenB @nathan @merryoscar @martin @francosolerio @podcastguru @algrid @samsethi @dave @mitch @aegrumet @IceCubeSoup @amugofjava @RyanHirsch
I don't support it yet on @podstation, honestly, it is low priority for me, but I support the use-case of having different file sizes. This would save bandwidth and maybe also memory and cache storage. This is especially relevant for #PWA s that don't have a server side, as client side resize requires #CORS

🔓CORS is Stupid - Kevin Cox
— Kevin Cox

「 First and foremost CORS is a giant hack to mitigate legacy mistakes. It provides both opt-out protections as an attempt to mitigate XSS attacks against unaware or unmodified sites and opt-in protections for sites to actively protect themselves. But none of these protections are actually sufficient to solve the intended problem 」

kevincox.ca/2024/08/24/cors/

kevincox.ca: CORS is Stupid - Kevin Cox

Claude's API now supports CORS requests, enabling client-side applications
simonwillison.net/2024/Aug/23/
news.ycombinator.com/item?id=4

* Anthropic enabled CORS for JSON APIs
* possible to call Claude LLMs directly f. user’s browser

Claude (language model): en.wikipedia.org/wiki/Claude_(
* Claude large language model (LLM)
* Claude 3 can analyze images
* generative pre-trained transformers
* predict next word in large amounts of text

simonwillison.net: Claude’s API now supports CORS requests, enabling client-side applications. Anthropic have enabled CORS support for their JSON APIs, which means it’s now possible to call the Claude LLMs directly from a user’s browser. This massively significant new feature is …
#AI #NLP #LLM