Laravel Terminology

CORS

An origin is more than the domain: it is the combination protocol://domain:port, e.g. https://ict4today.com:80.

Cross-origin: when the browser requests data from a.com and, while the page is loading, another request is sent to b.com (e.g. AJAX, an image, etc.).

The relevant response headers are Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers and Access-Control-Allow-Credentials (true/false: whether cookies of the allowed origin are supported).
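As an added example (not code from this page or from Laravel), the following JavaScript sketch shows how a server could compare the request's Origin against an allow-list and choose the CORS response headers. ALLOWED_ORIGINS, normalizeOrigin and corsHeaders are hypothetical names, and the example.com origins are constructed.

```javascript
// Constructed allow-list; a real application would load this from configuration.
const ALLOWED_ORIGINS = ["https://app.example.com", "http://localhost:3000"];

// Reduce a value to scheme://host[:port]. URL.origin drops default ports,
// so "https://app.example.com:443" and "https://app.example.com" compare equal.
function normalizeOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // missing, malformed, or the literal "null" origin
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.origin;
}

// Return the CORS headers for one request, or {} when the origin is not allowed.
function corsHeaders(requestOrigin, { credentials = false, allowed = ALLOWED_ORIGINS } = {}) {
  const origin = normalizeOrigin(requestOrigin);
  const allowList = allowed.map(normalizeOrigin);
  if (origin === null || !allowList.includes(origin)) {
    return {}; // no CORS headers: the browser refuses the cross-origin read
  }
  const headers = {
    // Echo the single matched origin instead of "*": browsers reject "*"
    // when Access-Control-Allow-Credentials is true.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE",
    "Access-Control-Allow-Headers": "Content-Type, Accept",
    // The response differs per origin, so caches must key on it.
    "Vary": "Origin",
  };
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}
```

A different scheme or port on the same domain is a different origin, so it receives no CORS headers unless it is listed separately.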

CSRF

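CSRF protection is another security mechanism: the server sends a random string (a token) to the browser, and the browser must send it back with later requests so the server can verify that they come from its own pages.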

Accept and Content-type

The Accept header always indicates what kind of response from the server a client can accept. Content-type describes the content of the current request or response, depending on which kind of HTTP message it is applied to.

So if a request has no payload, you don't have to send a content-type request header, and the same goes for your response: no body, no header necessary.

Some servers may require you to provide a content-type in a request even if the request has no payload; the server should return a 415 Unsupported Media Type response if you omit it.

Stateful domain

A stateful request maintains a session, whereas a stateless one does not. For a stateful domain, the server stores cookie data in the browser.

When using a single page application that runs in the browser, we want to use stateful authentication, because it relies only on an HttpOnly session cookie to identify the user.

REST APIs are not stateful.


© copyright-2020 Rejaul