Cet article a pour but d’expliquer comment exposer, sans danger, votre API sur le web… et par conséquent à votre entreprise ! Sans oublier les deux objectifs d’une stratégie de sécurisation d’application : mener la vie dure aux attaquants potentiels, tout en facilitant la vie des consommateurs légitimes.
"IntersectionObserver is a very straight-forward technology. It has a pretty good support in the modern browsers and if you want to implement it for browsers that still (or won’t at all) support it, of course, there is a polyfill for that. But all in all, this is a great technology that allows us to do all sorts of things related to detecting elements in a viewport while helping to achieve a really good performance boost."
"Once web teams have policies like that in place for popular searches that bog down web performance during beyond-peak, it’s easy enough to set up a dashboard with toggles for web teams to switch between rich and powerful searches and redirects when needed."
The Web Payments Working Group is not stopping at the Payment Request API. Work is also underway on other standards, including the Payment Handler API which will allow web applications to act as a third-party payment app.
"This particular decision involving navigation policies exposes web browsers to a greater risk than many might think. I personally would like to see these policies locked down a bit further. It might break some websites that rely on this weird functionality that probably should not even be there in the first place."