In this talk, Kirk will explain how origins work in your web browser, and why they are the fundamental protection against attacks like cross-site request forgery.
Along the way we'll look at how you can leverage the same-origin policy to protect data on your site, and how you can bend it to your will to allow functionality to be hosted on multiple urls -- such as cross-origin resource sharing (CORS), PostMessage and JSONP.
Kirk Jackson works at RedShield, leads this meetup and helps organise the annual OWASP NZ Day in Auckland.
Please arrive around 5:45pm for a 6pm start.
The talk will also be live-streamed and recorded on Youtube at the following url: https://www.youtube.com/watch?v=5wFCRANIbdc