Exploring Security Issues with JavaScript Web APIs

This article explores the challenges and solutions of using third-party APIs in web applications while maintaining security. Browsers enforce a same-origin policy to prevent unauthorized data exchange between different domains. However, this policy also blocks legitimate data transfer between websites that have different origins. CORS, JSONP, and XHR proxies are three commonly used approaches to work around this restriction while preserving its protections.

CORS, or Cross-Origin Resource Sharing, is a standard that lets a server relax the same-origin policy for specific requests by adding information to the HTTP message headers. CORS requires the server hosting the resource to include an Access-Control-Allow-Origin header in the response it sends to the requesting site. This header tells the browser which requesting origin is permitted to read the response. CORS is widely used and works with both XMLHttpRequest objects and the Fetch API.

JSONP, or JSON with Padding, is a legacy approach that uses a script element to load JSON data from a server running on a different origin. The server returns the data wrapped in a call to a callback function, which runs when the script loads, so developers can access the data without the same-origin policy blocking it. However, because JSONP executes whatever script the remote server returns, a compromised or malicious endpoint can run arbitrary code in the page. JSONP only works with data in JSON format, and there is no easy way to determine whether a request has failed or why.

XHR proxies, or XMLHttpRequest proxies, route requests through a trusted domain to work around the same-origin policy. The web application sends its request to a proxy server, which fetches the resource and passes the response back to the application. The app can use an AJAX request object or Fetch to call the proxy and include parameters indicating which API the proxy should forward the request to. CORS-Anywhere is an example of such a proxy server, but developers must set up an account to use its features.

Each approach has its advantages and disadvantages, and developers must choose the one that best suits their security needs. CORS is widely used and straightforward, but it does not work with older browsers. JSONP is simple but has security risks and limited data format support. XHR proxies are a more flexible and secure solution, but they require additional configuration and management. In conclusion, developers must carefully evaluate their security requirements before using third-party APIs in their web applications.

EXAMPLES

Here are programming examples for each of the three approaches:

  1. CORS Example:

To enable CORS, the server hosting the resource needs to include an Access-Control-Allow-Origin header in the HTTP response message sent to the requesting site. Here’s an example code snippet that demonstrates how to use CORS with the Fetch API to make a cross-origin request to a server:

// Cross-origin GET with the Fetch API. Note: application/json is not a
// CORS-safelisted Content-Type, so this header forces a preflight (OPTIONS)
// request that the server must also answer; on a body-less GET it can simply be dropped.
fetch('https://example.com/api/data', {
  method: 'GET',
  mode: 'cors',
  headers: {
    'Content-Type': 'application/json'
  },
})
.then(response => {
  // A CORS failure rejects the promise; an HTTP error (4xx/5xx) does not,
  // so check response.ok before parsing the body as JSON.
  if (!response.ok) {
    throw new Error(`HTTP ${response.status}`);
  }
  return response.json();
})
.then(data => {
  console.log(data);
})
.catch(error => {
  console.error(error);
});

In this example, the fetch function makes a GET request to the https://example.com/api/data endpoint. The mode property is set to cors to indicate that a cross-origin request is being made. Because the request sets a Content-Type of application/json, which is not a CORS-safelisted value, the browser first sends a preflight OPTIONS request that the server must also answer with the CORS headers. The server hosting the https://example.com/api/data endpoint needs to include the following header in the response for the request to succeed:

Access-Control-Allow-Origin: *

If the request is made from www.domainXYZ.com and you want it to be the only website allowed to make this API request, the header must carry that site's full origin (scheme and host, without a path) instead:

Access-Control-Allow-Origin: https://www.domainXYZ.com

To do this in PHP for a limited set of domains (e.g. only 4 domains), see here:

http://leonidassavvides.com/blog/2023/04/24/enable-cors-for-multiple-domains-in-php/#.ZEYT9nZBwuU
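The same allowlist idea in JavaScript, as an added example that is neither the post's code nor the linked PHP snippet: a Node.js request handler that echoes the Origin header only when it exactly matches a known origin, next to the insecure reflect-everything variant for contrast. The origins (www.domainXYZ.com and a constructed app.domainXYZ.com) and the handler name are assumptions for the demo.

```javascript
// Added example (not from the original post): a server-side CORS origin
// allowlist for Node.js. Origins are compared as exact strings
// (scheme + host + port); the hostnames are placeholders from the article.
const ALLOWED_ORIGINS = new Set([
  'https://www.domainXYZ.com',
  'https://app.domainXYZ.com',
]);

// INSECURE variant, kept for contrast: echoing whatever Origin arrives makes
// the allowlist meaningless, and combined with Allow-Credentials: true it
// lets any site read the response as the logged-in user.
function reflectAnyOrigin(originHeader) {
  return originHeader ? { 'Access-Control-Allow-Origin': originHeader } : null;
}

// Returns the CORS response headers for an allowlisted origin, or null.
// Exact matching avoids the pitfalls of prefix/regex checks, such as
// accepting "https://www.domainXYZ.com.evil.example" or "http://" for "https://".
function corsHeadersFor(originHeader) {
  if (typeof originHeader !== 'string' || !ALLOWED_ORIGINS.has(originHeader)) {
    return null;
  }
  return {
    'Access-Control-Allow-Origin': originHeader,    // a value we already trust
    'Vary': 'Origin',                               // caches must key on Origin
    'Access-Control-Allow-Methods': 'GET, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type', // needed by the article's fetch()
    'Access-Control-Max-Age': '600',
  };
}

// Request handler for Node's http module; answers the preflight and the GET.
// Wire it up with http.createServer(handleRequest).listen(8080).
function handleRequest(req, res) {
  const cors = corsHeadersFor(req.headers.origin);
  if (cors) {
    for (const [name, value] of Object.entries(cors)) res.setHeader(name, value);
  }
  if (req.method === 'OPTIONS') {
    // Preflight: 204 when allowed, 403 otherwise.
    res.writeHead(cors ? 204 : 403);
    return res.end();
  }
  // A non-allowlisted origin still gets the body, but without the CORS
  // headers the browser refuses to expose it to that page's script.
  res.writeHead(200, { 'Content-Type': 'application/json' });
  res.end(JSON.stringify({ ok: true }));
}
```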

  2. JSONP Example:

To use JSONP, you need to create a script element that calls an API running on a server from a different origin. The server returns the requested content in JSON format, which is treated as the parameter for a callback function. Here’s an example code snippet that demonstrates how to use JSONP to make a cross-origin request to the Giphy API:

function getGiphyData(callback) {
  const script = document.createElement('script');
  script.src = `https://api.giphy.com/v1/gifs/random?api_key=YOUR_API_KEY&callback=${callback}`;
  document.head.appendChild(script);
}

function handleGiphyData(data) {
  console.log(data);
}

getGiphyData('handleGiphyData');

In this example, the getGiphyData function creates a script element that calls the Giphy API with an API key and a callback function name. The callback function handleGiphyData is defined to receive the JSON data returned by the API. The getGiphyData function appends the script element to the head element of the document. Finally, the getGiphyData function is called with the callback function name as an argument.

  3. XHR Proxy Example:

To use an XHR proxy, you need to make a request to a trusted proxy server that can handle the cross-origin request on behalf of your app. Here’s an example code snippet that demonstrates how to use an XHR proxy with the XMLHttpRequest object to make a cross-origin request to the GitHub API:

const xhr = new XMLHttpRequest();
// The target URL is appended to the proxy's URL; the proxy fetches it and
// adds the CORS headers the browser requires.
xhr.open('GET', 'https://cors-anywhere.herokuapp.com/https://api.github.com/repos/jquery/jquery/commits', true);
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.onreadystatechange = function() {
  // readyState 4 means DONE; only parse the body on a 200 response
  if (this.readyState === 4) {
    if (this.status === 200) {
      const data = JSON.parse(this.responseText);
      console.log(data);
    } else {
      console.error('Request failed with status', this.status);
    }
  }
};
xhr.onerror = function() {
  console.error('Network or CORS error');
};
xhr.send();

In this example, the XMLHttpRequest object makes a GET request to the GitHub API through the https://cors-anywhere.herokuapp.com proxy server. The setRequestHeader method sets the Content-Type header to application/json. The onreadystatechange event handles the response from the server: when the ready state is 4 and the status code is 200, JSON.parse parses the JSON data returned by the server. Finally, the parsed data is logged to the console.
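The server side of such a proxy, as an added example that is neither the post's code nor the CORS-Anywhere project's: a Node.js handler that forwards only to the GitHub API the article calls, so the proxy cannot be used to reach other hosts. The /proxy/ prefix, the www.domainXYZ.com origin, the handler name and the header set are assumptions for the demo.

```javascript
// Added example (not from the original post): the forwarding logic of a
// self-hosted XHR proxy pinned to one upstream API (GitHub's, as in the
// article) instead of fetching whatever URL the client puts after the prefix.
const UPSTREAM = 'https://api.github.com';       // the only origin this proxy contacts
const PREFIX = '/proxy/';                        // e.g. /proxy/repos/jquery/jquery/commits
const PAGE_ORIGIN = 'https://www.domainXYZ.com'; // placeholder origin from the article

// Maps an incoming request path to an upstream URL, or returns null when the
// path does not resolve to a sub-path of UPSTREAM. Resolving through the URL
// API catches absolute ("https://evil.example/...") and protocol-relative
// ("//evil.example/...") values smuggled in after the prefix.
function upstreamUrlFor(requestPath) {
  if (typeof requestPath !== 'string' || !requestPath.startsWith(PREFIX)) return null;
  const target = new URL(requestPath.slice(PREFIX.length), UPSTREAM + '/');
  return target.origin === UPSTREAM ? target.href : null;
}

// Request handler for Node's http module (Node 18+ for the global fetch).
// Wire it up with http.createServer(handleProxyRequest).listen(8080).
async function handleProxyRequest(req, res) {
  const target = req.method === 'GET' ? upstreamUrlFor(req.url) : null;
  if (!target) {
    res.writeHead(404, { 'Content-Type': 'text/plain' });
    return res.end('not proxied');
  }
  try {
    // Only a fixed set of headers goes upstream: the client's cookies and
    // Authorization header are deliberately not forwarded.
    const upstream = await fetch(target, {
      headers: { 'User-Agent': 'pinned-xhr-proxy', 'Accept': 'application/vnd.github+json' },
    });
    res.writeHead(upstream.status, {
      'Content-Type': upstream.headers.get('content-type') || 'application/json',
      'Access-Control-Allow-Origin': PAGE_ORIGIN, // the one page allowed to read it
    });
    res.end(Buffer.from(await upstream.arrayBuffer()));
  } catch (err) {
    res.writeHead(502, { 'Content-Type': 'text/plain' });
    res.end('upstream error');
  }
}
```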

Create macOS Ventura[13.x] ISO without a Mac Computer and FREE


In this article I demonstrate how to create a fresh, malware-free Ventura ISO without a Mac, using a Ventura VM in the free VMware Player 17.x on Windows 11. The full process costs 0.00 USD.

To run macOS (e.g. Ventura) as a guest VM under VMware, VirtualBox or Parallels, on macOS, Windows 11 or Linux (on Windows or Linux a hypervisor patch is required), the hardest part is obtaining the Ventura ISO.
Of course, you can download one from tutorials in blogs or vlogs on YouTube, but you will never know whether malicious software or a virus is hidden inside that ISO. So by "hardest part" I mean creating the ISO yourself, on a Mac 🖥️ computer or in another macOS 🖥️ VM.
The latter I have tested myself successfully: in a macOS VM in VMware Player 17.x on Windows 11, I created a fresh Ventura ISO WITHOUT a Mac 🖥️ and without any cost! Here is the process:

The basic idea, briefly, in three steps:

Step 1:

Download a Ventura ISO from the internet, e.g. the first non-beta release, “Install macOS Ventura 13.0_22A380.iso”, as in this video:
https://www.youtube.com/watch?v=8-eoiBVpBS0
Links: macOS Ventura ISO, all in one: https://bit.ly/Venturain1
or in parts:
Part 1: https://bit.ly/MacosV1 Part 2: https://bit.ly/macosV2 Part 3: https://bit.ly/macosV3

NOTE-1: THIS ISO IS NOT SECURE, BECAUSE THE PERSON WHO CREATED IT MAY HAVE INFECTED IT WITH A VIRUS ON PURPOSE.

NOTE-2: WE USE THIS ISO ONLY TO CREATE OUR OWN VENTURA ISO, BECAUSE WE DO NOT HAVE ACCESS TO A MAC RUNNING MACOS VENTURA. DURING THE PROCESS, NEVER LOG IN TO ANY SENSITIVE ACCOUNT INSIDE THIS VM UNTIL WE HAVE CREATED THE FRESH ISO AND ARE RUNNING ANOTHER VM FROM THAT FRESHLY CREATED VENTURA ISO.

Step 2:

Create a Ventura guest VM from this ISO with VMware Player 17.x on Windows 11. Here’s how:
https://www.youtube.com/watch?v=8-eoiBVpBS0
Or
https://www.youtube.com/watch?v=CeSqdrf1WOg

Step 3:

Using this macOS environment, we create a fresh Ventura ISO that is clean of infections or viruses.

In my case I created a FRESH & CLEAN Ventura 13.2 ISO, starting from the downloaded
“Install macOS Ventura 13.0_22A380.iso” from https://www.youtube.com/watch?v=R9SFVYYuo8Q
and following this guide to creating the Ventura VM:
https://www.youtube.com/watch?v=CeSqdrf1WOg

===

Below I show the process for step 3, so follow along from a macOS VM or a Mac computer:

===

STEP-BY-STEP FOR STEP 3 (above; a video on YouTube is coming soon. The notes in this article are important!):

Download Link-1: doc-1-Binder1__Ventura_13_2_myself.iso.pdf

Download Link-2: doc-2-CREATE-ventura-iso–TERMINAL-COMMANDS.txt

I –
Open VMware and run the MacOS Ventura VM or Startup your Mac Ventura Computer.

II –
Go to the Mac App Store and search for and download “macOS Ventura”.
  1. The macOS Ventura page opens; click Get.
  2. System Settings then opens and checks for the update, and a popup appears offering to download macOS Ventura. Click Download.
  3. The macOS Ventura download starts. The file is around 12.25 GB, so the download takes some time.
  4. When the download completes, the macOS Ventura installer opens.
  5. Click the “Install macOS Ventura” menu in the menu bar and choose the sub-menu item “Quit Install macOS”.
  6. Setup asks for confirmation; click Quit.

III –

Next, open the Mac Terminal and run the BOLD commands below.

In the end you will have a fresh Ventura ISO, clean of infections, on your Mac VM Desktop. Type only the BOLD parts; the other lines are Terminal output and must NOT be typed.
>>>

Last login: Sun Feb 12 13:02:58 on console

leonidas@192 ~ % hdiutil create -o /tmp/Ventura -size 16384m -volname Ventura -layout SPUD -fs HFS+J

created: /tmp/Ventura.dmg

leonidas@192 ~ % hdiutil attach /tmp/Ventura.dmg -noverify -mountpoint /Volumes/Ventura

/dev/disk4              Apple_partition_scheme              

/dev/disk4s1            Apple_partition_map                 

/dev/disk4s2            Apple_HFS                            /Volumes/Ventura

leonidas@192 ~ % sudo /Applications/Install\ macOS\ Ventura.app/Contents/Resources/createinstallmedia --volume /Volumes/Ventura --nointeraction

Password: <TYPE YOUR MAC PASSWORD; NOTHING APPEARS WHILE TYPING>

Erasing disk: 0%… 10%… 20%… 30%… 100%

Making disk bootable…

Copying to disk: 0%… 10%… 20%… 30%… 40%… 50%… 60%… 70%… 80%… 90%… 100%

Install media now available at “/Volumes/Install macOS Ventura”

leonidas@192 ~ % hdiutil eject -force /Volumes/Install\ macOS\ Ventura

“disk4” ejected.

leonidas@192 ~ % hdiutil convert /tmp/Ventura.dmg -format UDTO -o ~/Desktop/Ventura

Reading Driver Descriptor Map (DDM : 0)…

Reading Apple (Apple_partition_map : 1)…

Reading  (Apple_Free : 2)…

Reading disk image (Apple_HFS : 3)…

……………………………………………………………………………………………………………………………….

Elapsed Time:  4m 14.985s

Speed: 64.3MB/s

Savings: 0.0%

created: /Users/leonidas/Desktop/Ventura.cdr

leonidas@192 ~ % mv -v ~/Desktop/Ventura.cdr ~/Desktop/Ventura.iso

/Users/leonidas/Desktop/Ventura.cdr -> /Users/leonidas/Desktop/Ventura.iso

leonidas@192 ~ %

Now, AFTER COPYING the Ventura ISO TO A USB STICK (or backing it up otherwise), type the final command to clean up all files that are no longer needed except the ISO file:

rm -fv /tmp/Ventura.dmg

========================== End Of Terminal ==========================

Final Notes:

1
If you want to COPY the Ventura ISO to a USB stick, insert an exFAT-FORMATTED USB 3 stick while the VM is running. The hypervisor asks whether to connect it to the host OS or the guest OS; choose the guest OS and COPY the ISO to the stick.

THEN SHUT DOWN THE HYPERVISOR (e.g. VMware Player); the USB stick will then mount in the Windows 11 host OS. Shut down Windows 11 before removing the USB stick, or use Safely Remove otherwise.

2
With the FRESH, CLEAN, FREE-OF-INFECTIONS Ventura ISO you can create a VM on Windows 11 or 10, on Linux, or on macOS, even on a Mac that does not support Ventura.

3
Important!
MARK THE JUST-CREATED VENTURA ISO AS CLEAN, e.g. “Ventura13_2_clean_myself.iso”,
AND ALSO MARK THE VMs YOU CREATE FROM IT AS BUILT FROM THE CLEAN ISO.
THEN YOU CAN DELETE THE VM CREATED FROM THE UNTRUSTED ISO FROM THE INTERNET.

If I get requests, I can upload my freshly generated Ventura 13.2 ISO to Google Drive for public download.

LSE

Lsepolis123@gmail.com

http://leonidassavvides.com/

Linux CLI Terminal: Free Memory & Free Disk Space

How to Check Free Memory Space on Linux [Terminal]

==================================

Method 1: Using meminfo

cat /proc/meminfo

grep MemTotal /proc/meminfo

=================

Method 2: Using free, top and Other Commands
  1. Typing free in your command terminal prints a summary of used and free memory:
free
  2. For an interactive, continuously updated view, use:
top
htop
  3. vmstat provides general information about processes, memory, paging, block IO, traps, and CPU activity:
vmstat

=================

How to Check Free Disk Space on Linux [Terminal]

==================================

Method 1: Using df
The df command stands for disk-free and, quite obviously, shows the free and available disk space on Linux systems.
  1. With the -h option, it shows the disk space in human-readable format (MB and GB):
df -h
  2. To view disk usage with more details, like filesystem type and blocks, use:
df -T
  3. To show every filesystem's disk usage, even where the Available field is 0:
df -a

=================

Method 2: Using du, ls, and Other Commands
While the df command is quite popular and should be enough for most use cases, there are other alternatives you can try, including:

du -h → Shows disk usage in human-readable format for all directories and subdirectories.
du -a → Shows disk usage for all files.
du -s → Provides the total disk space used by a particular file or directory.
ls -al → Lists the entire contents, along with their sizes, of a particular directory.
stat <file/directory> → Displays the size and other stats of a file/directory or a file system.
fdisk -l → Shows disk size along with disk partitioning information (may require sudo privileges).
dust → An interesting alternative to the du command written in Rust, available for Arch Linux in the repositories. For other Linux distros, you can refer to its GitHub releases section.

=================