Friday 26 September 2014

Is CSS case sensitive?

CSS is case insensitive in all matters under its control; however, some things, such as the document markup language, are beyond its control. HTML is case insensitive in most respects, except when it comes to certain attribute values, like the id and class attributes. XHTML, being XML, is always case sensitive.

The simplest way to mitigate any potential issues surrounding case sensitivity is to always use lowercase for everything in your markup and CSS, where possible. If that’s not possible, make sure the case you use is consistent between your CSS and your document markup.

CSS Case Sensitivity

www.w3.org >> Element identifiers: the id and class attributes

Are class names in CSS selectors case sensitive?

Wednesday 24 September 2014

How does browsers' same-origin policy (SOP) work?

Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the same-origin policy, and prevents a malicious site from reading sensitive data from another site. However, sometimes you might want to let other sites call your web Service / Web API.

I was under the impression that the request will never go to the server in this scenario. I am sure that many of you would be thinking the same. BUT if you watch the HTTP traffic in a tool like Fiddler, you will see that the browser does send the GET request, and the request succeeds, but the AJAX call returns an error. It’s important to understand that same-origin policy does not prevent the browser from sending the request. Instead, it prevents the application from seeing the response.

Now you can use a mechanism called CORS i.e Cross-Origin Resource Sharing, to enable client-side cross-origin requests.

Cross-Origin Requests in ASP.NET Web API

Cross-Origin Requests in ASP.NET Web API

Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the same-origin policy, and prevents a malicious site from reading sensitive data from another site. However, sometimes you might want to let other sites call your web API.

Cross Origin Resource Sharing (CORS) is a W3C standard that allows a server to relax the same-origin policy. Using CORS, a server can explicitly allow some cross-origin requests while rejecting others. CORS is safer and more flexible than earlier techniques such as JSONP. Follow below links to see how to enable CORS in your Web API application.