http – Into Java

Here is my simple explanation(why) for the same origin policy.

– A web page in the clients browser, should not be allowed to call/access/load JS(or any other resources) from other domains

Why:

if my web page from infoq.com executes a call to another (unknown) domain, say xxx.com, then that request/response might execute JS code which is not part of the infoq.com web page, and that code could be compromised(it can not be trusted)

So with Same Origin Policy restriction – you make sure that you execute code from the site you intend to visit

https://www.netsparker.com/whitepaper-same-origin-policy/

Cross-Site Request Forgery Explained

in this video I have found out about – Burp Suite Scanner | PortSwigger
which has a nice HTTP – proxy/inspector

https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

I have discovered WireMock

If you have an HTTP Client in Java, You can mock/inject any type of response into that Client, and try-out special scenarios like time-outs, different status-codes, etc… and see how your code behaves….

HttpRequestUtil cut ;


    String host = "http://localhost:8888";

    String endPoint = "/customsearch/v1?key";

    String url = host+endPoint;
        stubFor(get(urlEqualTo(endPoint))

                .willReturn(aResponse()

                        .withHeader("Content-Type", "text/plain")

                        .withBody("Hello world!")));
        String response = cut.doGet(url);
        cut = new HttpRequestUtil(time20000ms);
        stubFor(get(urlEqualTo(endPoint)).willReturn(

                aResponse()

                        .withStatus(200)

                        .withFixedDelay(time20000ms)));

String response = cut.doGet(url); //java.util.concurrent.TimeoutException: No response received after 20000

Into Java

Category: http

Same Origin Policy restriction, CORS

WireMok