We’re excited to release the third release candidate of GIMP version 3.2! It contains a number of bug fixes and final polishes as we prepare the first stable release of GIMP 3.2.
See the official website.
marți, 3 martie 2026
luni, 2 martie 2026
sâmbătă, 28 februarie 2026
Security : CORS (Cross‑Origin Resource Sharing) few headers.
CORS (Cross‑Origin Resource Sharing) is a browser security mechanism that controls whether a web application is allowed to request resources from a different domain than the one it was loaded from. It is a controlled extension of the Same‑Origin Policy, which would otherwise block most cross‑site requests.
CORS allows a server to explicitly declare which origins are permitted to access its resources. Without this rule, a malicious website could attempt to read sensitive data from your account on another site.
| Header | Explanation |
|---|---|
| Access-Control-Allow-Origin: * | Allows any origin to access the resource (very risky for sensitive APIs). |
| Access-Control-Allow-Origin: https://example.com | Allows only the specified origin to access the resource. |
| Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH | Specifies which HTTP methods are allowed for cross-origin requests. |
| Access-Control-Allow-Headers: Content-Type, Authorization, X-Api-Key | Lists which custom request headers the client is allowed to send. |
| Access-Control-Allow-Credentials: true | Allows cookies and authentication data in cross-origin requests; cannot be used with "*". |
| Access-Control-Expose-Headers: X-RateLimit-Remaining, X-Custom-Header | Allows the browser to read specific response headers that are normally hidden. |
| Access-Control-Max-Age: 86400 | Defines how long the browser may cache the preflight response (in seconds). |
| Access-Control-Request-Method: PUT | Sent by the browser during preflight to ask if the HTTP method is allowed. |
| Access-Control-Request-Headers: Authorization, X-Api-Key | Sent by the browser during preflight to ask if custom headers are allowed. |
| Origin: https://client.com | Sent by the browser to indicate the origin of the request. |
| Vary: Origin | Instructs caches that the response may vary depending on the Origin header. |
| Vary: Access-Control-Request-Headers | Ensures caches treat responses differently based on requested headers. |
| Vary: Access-Control-Request-Method | Ensures caches treat responses differently based on requested methods. |
| Timing-Allow-Origin: * | Allows cross-origin access to detailed performance timing information. |
| Timing-Allow-Origin: https://example.com | Allows only the specified origin to access performance timing data. |
| Access-Control-Allow-Private-Network: true | Allows requests to private network resources (used in newer browser security models). |
| Cross-Origin-Opener-Policy: same-origin | Isolates the browsing context from cross-origin pages to prevent data leaks. |
| Cross-Origin-Opener-Policy: same-origin-allow-popups | Allows popups but keeps the main page isolated from cross-origin interference. |
| Cross-Origin-Opener-Policy: unsafe-none | Disables isolation; allows cross-origin interactions (least secure). |
| Cross-Origin-Embedder-Policy: require-corp | Requires embedded resources to explicitly allow cross-origin embedding (needed for SharedArrayBuffer). |
| Cross-Origin-Embedder-Policy: unsafe-none | Allows embedding any resource without restrictions (not secure). |
| Cross-Origin-Resource-Policy: same-origin | Restricts resource loading to the same origin only. |
| Cross-Origin-Resource-Policy: same-site | Allows resource loading from the same site but different subdomains. |
| Cross-Origin-Resource-Policy: cross-origin | Allows resource loading from any origin. |
| Cross-Origin-Opener-Policy-Report-Only | Reports violations of COOP without enforcing them. |
| Cross-Origin-Embedder-Policy-Report-Only | Reports violations of COEP without enforcing them. |
| Content-Security-Policy: script-src 'self' | Restricts which scripts can run; critical for preventing cross-origin script injection. |
| Content-Security-Policy: worker-src 'self' | Controls which origins can load Web Workers; required for secure WASM execution. |
| Content-Security-Policy: frame-ancestors 'none' | Prevents the page from being embedded in iframes (anti-clickjacking). |
| Content-Security-Policy: require-trusted-types-for 'script' | Protects against DOM XSS by enforcing Trusted Types. |
| Permissions-Policy: shared-array-buffer=(self) | Allows SharedArrayBuffer only in isolated contexts (COOP + COEP required). |
| Permissions-Policy: fullscreen=(self) | Controls which origins can request fullscreen mode. |
| Permissions-Policy: geolocation=() | Blocks geolocation access for all origins. |
| Referrer-Policy: no-referrer | Prevents sending the Referer header to any destination. |
| Referrer-Policy: strict-origin-when-cross-origin | Sends full referrer on same-origin requests, but only origin on cross-origin. |
| Sec-Fetch-Site: cross-site | Indicates the request came from a different site; used by browsers for security decisions. |
| Sec-Fetch-Mode: cors | Indicates the request is a CORS request. |
| Sec-Fetch-Dest: script | Indicates the destination type of the request (script, image, iframe, etc.). |
| Sec-Fetch-User: ?1 | Indicates the request was triggered by a user interaction. |
| Report-To: {"group":"coop","max_age":10886400} | Defines where browsers should send COOP/COEP violation reports. |
| NEL: {"report_to":"coop","max_age":10886400} | Network Error Logging; allows reporting of network failures. |
News : CORE browser.
An out of this world experience, CORE is the most innovative web browser that exists on the market. With its high-end, scale-able functionalities, we aim high with CORE. CORE is the web browser from the future - built specifically to optimise your lifestyle and combine the best of both traditional and modern worlds in the new digital age.
See the official website.
vineri, 27 februarie 2026
News : Delphi turns 31 in 2026 with new budget model.
I've used Delphi in the past, which is based on the Pascal programming language and comes with object-oriented programming. It didn't cost much, it was also freeware, I don't know... it had a component-type package system.
Delphi turns 31 in 2026. If your team builds and maintains high-performance apps, this anniversary promo is a straightforward way to cut costs now, or lock in predictable updates and support for the next 31 months.
CTOs and CIOs usually weigh ROI, risk, scalability, and long-term maintainability. RAD Studio 13 is built for native, enterprise-grade apps: better performance, and a platform designed for long-lived codebases. That helps you reduce stack sprawl, keep delivery moving with a small team, and protect the code you already own.
Your new license will also include the next product release at no additional cost.
Choose the option that matches your budget model:
Option A - Immediate savings
- 15% off Professional
- 25% off Enterprise
- 31% off Architect (one of the biggest discounts we’ve offered)
Option B - Predictable maintenance
- Pay full price on any edition and get 31 months of maintenance total (12 months included + 19 months free), including free updates and support.
Promo pricing is available now until Feb 28, 2026.
Labels:
2026,
2026 news,
Delphi,
development,
news,
programming
Abonați-vă la:
Comentarii (Atom)