Cors In Action

Summary CORS in Action introduces Cross-Origin Resource Sharing (CORS) from both the server and the client perspective. It starts with the basics: how to make CORS requests and how to implement CORS on the server. It then explores key details such as performance, debugging, and security. API authors will learn how CORS opens their APIs to a wider range of users. JavaScript developers will find valuable techniques for building rich web apps that can take advantage of APIs hosted anywhere. The techniques described in this book are especially applicable to mobile environments, where browsers are guaranteed to support CORS. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the Book Suppose you need to share some JSON data with another application or service. If everything is hosted on one domain, it's a snap. But if the data is on another domain, the browser's "same-origin" policy stops you cold. CORS is a new web standard that enables safe cross-domain access without complex server-side code. Mastering CORS makes it possible for web and mobile applications to share data simply and securely. CORS in Action introduces CORS from both the server and the client perspective. It starts with making and enabling CORS requests and then explores performance, debugging, and security. You'll learn to build apps that can take advantage of APIs hosted anywhere and how to write APIs that expand your products to a wider range of users. For web developers comfortable with JavaScript. No experience with CORS is assumed. What's Inside CORS from the ground up Serving and consuming cross-domain data Best practices for building CORS APIs When to use CORS alternatives like JSON-P and proxies About the Author Monsur Hossain is an engineer at Google who has worked on API-related projects such as the Google JavaScript Client, the APIs Discovery Service, and CORS support for Google APIs. Table of Contents PART 1 INTRODUCING CORS The Core of CORS Making CORS requests PART 2 CORS ON THE SERVER Handling CORS requests Handling preflight requests Cookies and response headers Best practices PART 3 DEBUGGING CORS REQUESTS Debugging CORS requests APPENDIXES CORS reference Configuring your environment What is CSRF? Other cross-origin techniques

"A comprehensive guide to designing and implementing secure services. A must-read book for all API practitioners who manage security." - Gilberto Taccari, Penta API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography. A web API is an efficient way to communicate with an application or service. However, this convenience opens your systems to new security risks. API Security in Action gives you the skills to build strong, safe APIs you can confidently expose to the world. Inside, you’ll learn to construct secure and scalable REST APIs, deliver machine-to-machine interaction in a microservices architecture, and provide protection in resource-constrained IoT (Internet of Things) environments. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology APIs control data sharing in every service, server, data store, and web client. Modern data-centric designs—including microservices and cloud-native applications—demand a comprehensive, multi-layered approach to security for both private and public-facing APIs. About the book API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography. When you’re done, you’ll be able to create APIs that stand up to complex threat models and hostile environments. What's inside Authentication Authorization Audit logging Rate limiting Encryption About the reader For developers with experience building RESTful APIs. Examples are in Java. About the author Neil Madden has in-depth knowledge of applied cryptography, application security, and current API security technologies. He holds a Ph.D. in Computer Science. Table of Contents PART 1 - FOUNDATIONS 1 What is API security? 2 Secure API development 3 Securing the Natter API PART 2 - TOKEN-BASED AUTHENTICATION 4 Session cookie authentication 5 Modern token-based authentication 6 Self-contained tokens and JWTs PART 3 - AUTHORIZATION 7 OAuth2 and OpenID Connect 8 Identity-based access control 9 Capability-based security and macaroons PART 4 - MICROSERVICE APIs IN KUBERNETES 10 Microservice APIs in Kubernetes 11 Securing service-to-service APIs PART 5 - APIs FOR THE INTERNET OF THINGS 12 Securing IoT communications 13 Securing IoT APIs

Summary HTTP/2 in Action is a complete guide to HTTP/2, one of the core protocols of the web. Because HTTP/2 has been designed to be easy to transition to, including keeping it backwards compatible, adoption is rapid and expected to increase over the next few years. Concentrating on practical matters, this interesting book presents key HTTP/2 concepts such as frames, streams, and multiplexing and explores how they affect the performance and behavior of your websites. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the Technology HTTP—Hypertext Transfer Protocol—is the standard for exchanging messages between websites and browsers. And after 20 years, it's gotten a much-needed upgrade. With support for streams, server push, header compression, and prioritization, HTTP/2 delivers vast improvements in speed, security, and efficiency. About the Book HTTP/2 in Action teaches you everything you need to know to use HTTP/2 effectively. You'll learn how to optimize web performance with new features like frames, multiplexing, and push. You'll also explore real-world examples on advanced topics like flow control and dependencies. With ready-to-implement tips and best practices, this practical guide is sure to get you—and your websites—up to speed! What's Inside HTTP/2 for web developers Upgrading and troubleshooting Real-world examples and case studies QUIC and HTTP/3 About the Reader Written for web developers and site administrators. About the Authors Barry Pollard is a professional developer with two decades of experience developing, supporting, and tuning software and infrastructure. Table of Contents PART 1 MOVING TO HTTP/2 Web technologies and HTTP The road to HTTP/2 Upgrading to HTTP/2 PART 2 USING HTTP/2 HTTP/2 protocol basics Implementing HTTP/2 push Optimizing for HTTP/2 PART 3 ADVANCED HTTP/2 Advanced HTTP/2 concepts HPACK header compression PART 4 THE FUTURE OF HTTP TCP, QUIC, and HTTP/3 Where HTTP goes from here

Spring Security in Action shows you how to prevent cross-site scripting and request forgery attacks before they do damage. You’ll start with the basics, simulating password upgrades and adding multiple types of authorization. As your skills grow, you'll adapt Spring Security to new architectures and create advanced OAuth2 configurations. By the time you're done, you'll have a customized Spring Security configuration that protects against threats both common and extraordinary. Summary While creating secure applications is critically important, it can also be tedious and time-consuming to stitch together the required collection of tools. For Java developers, the powerful Spring Security framework makes it easy for you to bake security into your software from the very beginning. Filled with code samples and practical examples, Spring Security in Action teaches you how to secure your apps from the most common threats, ranging from injection attacks to lackluster monitoring. In it, you'll learn how to manage system users, configure secure endpoints, and use OAuth2 and OpenID Connect for authentication and authorization. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology Security is non-negotiable. You rely on Spring applications to transmit data, verify credentials, and prevent attacks. Adopting "secure by design" principles will protect your network from data theft and unauthorized intrusions. About the book Spring Security in Action shows you how to prevent cross-site scripting and request forgery attacks before they do damage. You’ll start with the basics, simulating password upgrades and adding multiple types of authorization. As your skills grow, you'll adapt Spring Security to new architectures and create advanced OAuth2 configurations. By the time you're done, you'll have a customized Spring Security configuration that protects against threats both common and extraordinary. What's inside Encoding passwords and authenticating users Securing endpoints Automating security testing Setting up a standalone authorization server About the reader For experienced Java and Spring developers. About the author Laurentiu Spilca is a dedicated development lead and trainer at Endava, with over ten years of Java experience. Table of Contents PART 1 - FIRST STEPS 1 Security Today 2 Hello Spring Security PART 2 - IMPLEMENTATION 3 Managing users 4 Dealing with passwords 5 Implementing authentication 6 Hands-on: A small secured web application 7 Configuring authorization: Restricting access 8 Configuring authorization: Applying restrictions 9 Implementing filters 10 Applying CSRF protection and CORS 11 Hands-on: A separation of responsibilities 12 How does OAuth 2 work? 13 OAuth 2: Implementing the authorization server 14 OAuth 2: Implementing the resource server 15 OAuth 2: Using JWT and cryptographic signatures 16 Global method security: Pre- and postauthorizations 17 Global method security: Pre- and postfiltering 18 Hands-on: An OAuth 2 application 19 Spring Security for reactive apps 20 Spring Security testing

Vert.x in Action teaches you how to build production-quality reactive applications in Java. This book covers core Vert.x concepts, as well as the fundamentals of asynchronous and reactive programming. Learn to develop microservices by using Vert.x tools for database communications, persistent messaging, and test app resiliency. The patterns and techniques included here transfer to reactive technologies and frameworks beyond Vert.x. Summary As enterprise applications become larger and more distributed, new architectural approaches like reactive designs, microservices, and event streams are required knowledge. The Vert.x framework provides a mature, rock-solid toolkit for building reactive applications using Java, Kotlin, or Scala. Vert.x in Action teaches you to build responsive, resilient, and scalable JVM applications with Vert.x using well-established reactive design patterns. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology Vert.x is a collection of libraries for the Java virtual machine that simplify event-based and asynchronous programming. Vert.x applications handle tedious tasks like asynchronous communication, concurrent work, message and data persistence, plus they’re easy to scale, modify, and maintain. Backed by the Eclipse Foundation and used by Red Hat and others, this toolkit supports code in a variety of languages. About the book Vert.x in Action teaches you how to build production-quality reactive applications in Java. This book covers core Vert.x concepts, as well as the fundamentals of asynchronous and reactive programming. Learn to develop microservices by using Vert.x tools for database communications, persistent messaging, and test app resiliency. The patterns and techniques included here transfer to reactive technologies and frameworks beyond Vert.x. What's inside Building reactive services Responding to external service failures Horizontal scaling Vert.x toolkit architecture and Vert.x testing Deploying with Docker and Kubernetes About the reader For intermediate Java web developers. About the author Julien Ponge is a principal software engineer at Red Hat, working on the Eclipse Vert.x project. Table of Contents PART 1 - FUNDAMENTALS OF ASYNCHRONOUS PROGRAMMING WITH VERT.X 1 Vert.x, asynchronous programming, and reactive systems 2 Verticles: The basic processing units of Vert.x 3 Event bus: The backbone of a Vert.x application 4 Asynchronous data and event streams 5 Beyond callbacks 6 Beyond the event bus PART 2 - DEVELOPING REACTIVE SERVICES WITHT VERT.X 7 Designing a reactive application 8 The web stack 9 Messaging and event streaming with Vert.x 10 Persistent state management with databases 11 End-to-end real-time reactive event processing 12 Toward responsiveness with load and chaos testing 13 Final notes: Container-native Vert.x

Summary The Design of Web APIs is a practical, example-packed guide to crafting extraordinary web APIs. Author Arnaud Lauret demonstrates fantastic design principles and techniques you can apply to both public and private web APIs. About the technology An API frees developers to integrate with an application without knowing its code-level details. Whether you’re using established standards like REST and OpenAPI or more recent approaches like GraphQL or gRPC, mastering API design is a superskill. It will make your web-facing services easier to consume and your clients—internal and external—happier. About the book Drawing on author Arnaud Lauret's many years of API design experience, this book teaches you how to gather requirements, how to balance business and technical goals, and how to adopt a consumer-first mindset. It teaches effective practices using numerous interesting examples. What's inside Characteristics of a well-designed API User-oriented and real-world APIs Secure APIs by design Evolving, documenting, and reviewing API designs About the reader Written for developers with minimal experience building and consuming APIs. About the author A software architect with extensive experience in the banking industry, Arnaud Lauret has spent 10 years using, designing, and building APIs. He blogs under the name of API Handyman and has created the API Stylebook website.

SHORLISTED FOR THE DIVERSE BOOK AWARDS LONGLISTED FOR THE ONDAATJE PRIZE LONGLISTED FOR THE DIVERSE BOOK AWARDS 'Dazzling' Cosmopolitan 'I deeply admire This One Sky Day - and also, not so secretly, bitterly envy it...' MARLON JAMES 'Gorgeous' Financial Times 'Haunting' Independent 'Wonderfully fearless' New Statesman 'Stunning' KEI MILLER Dawn breaks across the archipelago of Popisho. The world is stirring awake again, each resident with their own list of things to do: A wedding feast to conjure and cook An infidelity to investigate A lost soul to set free As the sun rises two star-crossed lovers try to find their way back to one another across this single day. When night falls, all have been given a gift, and many are no longer the same. The sky is pink, and some wonder if it will ever be blue again. What readers are saying 'Brimming with and life and love and just absolutely gorgeous writing. a one-of-a-kind novel.' 'I couldn't put it down and I will be recommending it to everyone.' 'A story luxuriously and confidently told, which is sumptuous from sentence to sentence. There is both literal and literary magic here.' 'This book is bursting at the seams with beauty! Magic! Love! Imagination! It is a burst of colour and flame.' 'It's hard to explain, but if you love getting lost in a story, this could be one for you.'

Summary RxJS in Action gives you the development skills you need to create reactive applications with RxJS. This book is full of theory and practical examples that build on each other and help you begin thinking in a reactive manner. Foreword by Ben Lesh, Project lead, RxJS 5. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the Technology On the web, events and messages flow constantly between UI and server components. With RxJS, you can filter, merge, and transform these streams directly, opening the world of data flow programming to browser-based apps. This JavaScript implementation of the ReactiveX spec is perfect for on-the-fly tasks like autocomplete. Its asynchronous communication model makes concurrency much, much easier. About the Book RxJS in Action is your guide to building a reactive web UI using RxJS. You'll begin with an intro to stream-based programming as you explore the power of RxJS through practical examples. With the core concepts in hand, you'll tackle production techniques like error handling, unit testing, and interacting with frameworks like React and Redux. And because RxJS builds on ideas from the world of functional programming, you'll even pick up some key FP concepts along the way. What's Inside Building clean, declarative, fault-tolerant applications Transforming and composing streams Taming asynchronous processes Integrating streams with third-party libraries Covers RxJS 5 About the Reader This book is suitable for readers comfortable with JavaScript and standard web application architectures. About the Author Paul P. Daniels is a professional software engineer with experience in .NET, Java, and JavaScript. Luis Atencio is a software engineer working daily with Java, PHP, and JavaScript platforms, and author of Manning's Functional Programming in JavaScript. Table of Contents PART 1 - UNDERSTANDING STREAMS Thinking reactively Reacting with RxJS Core operators It's about time you used RxJS PART 2 - OBSERVABLES IN PRACTICE Applied reactive streams Coordinating business processes Error handling with RxJS PART 3 MASTERING RXJS Heating up observables Toward testable, reactive programs RxJS in the wild