Series · 1 part · ~12 min read
Web security primer: the same-origin model and what breaks it
0 / 1 read
How the browser decides who reads whose data: same-origin policy, CORS, then XSS and CSRF - plus the headers and cookie flags that stop them.