Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default - 1486

flask-cors, posted 1 year ago
  • Private Network Access (PNA) is a new browser security feature that prevents public websites from directly accessing a user's local network. Segmenting the local network matters because it stops CSRF-like attacks that compromise devices on a user's network.
  • The mechanism is the `Access-Control-Allow-Private-Network` response header. If a local-network server does not include this header in its response for a particular website, the browser rejects the local network request.
  • In Flask-CORS, the default for this header was true, which effectively removed the protections of the new PNA specification. The fix simply changes the default to false.