Loading…
Tag
#HTTP
2 posts
April 26, 2026
WebSockets Are an HTTP Request That Stops Being HTTP
WebSockets disguise themselves as HTTP, then drop the disguise the moment they're past the firewall. That trick is the entire reason real-time works on the web — and the entire reason WebSockets break your load balancer, your thread pool, and your deploys. This post walks through the four promises of HTTP, how SSE bends one of them, how WebSockets break three, and what production teams have to rebuild because of it.
WebSocketsHTTPServer-Sent Events
April 16, 2026
CORS Isn't Blocking You — Your Browser Is. Here's What's Actually Happening
Most developers treat CORS errors as a server configuration mystery. They're not. Your server responded fine — your browser intercepted the response. This post covers the CSRF attack CORS was built to prevent, how origin is actually defined, why Postman never sees CORS errors, how preflight requests work, and what every response header actually means.
CORSHTTPBrowser Security