Posts

Learning about OAuth2 Server.

OAuth 2.0 is an authorization protocol: it is used for authorization, not authentication.

Case: a user wants to access some resources (client-to-server communication).

- Step 1: Hit the URL abc.xyz.com (this URL is protected, and any resource in it requires auth).
- Step 2 (the authentication part is done by Spring Security, not OAuth2): the URL triggers a login page to first validate who the user is.
- Step 3: The user authenticates, and the access code is returned to the client (which is requesting the resource).
- Step 4: Now that the client has the access code, it hits the authorization server with the access code, and the authorization server returns an access token.
- Step 5: Now that the client has the access token, it takes the token to the resource server to get the resource.

WHY NEED AN ACCESS CODE AND WHY NOT DIRECTLY AN ACCESS TOKEN???

- As the user is anom

CORS

What is CORS

CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls which origins (domains) are allowed to read responses from your server.

Origin = protocol + domain + port, so https://app.com ≠ https://api.com ≠ http://app.com.

Why CORS was developed

Browsers enforce the Same-Origin Policy (SOP): a script from one origin cannot read data from another origin.

Problem SOP caused: a legitimate frontend (app.com) couldn't call a backend (api.com) and read the responses.

CORS solution: let the server explicitly whitelist trusted origins.

How CORS works

Simple request. The browser sends:

    Origin: https://app.com

The server responds:

    Access-Control-Allow-Origin: https://app.com

→ The browser allows the frontend JS to read the response.

Preflight request (for complex requests). The browser first sends:

    OPTIONS /api
    Origin: https://app.com
    Access-Control-Request-Method: POST

The server replies:

    Access-Control-Allow-Origin: https://app.com
    Access-Contro...

CSRF, its mechanism, and why we need to disable CSRF in REST API security.

CSRF (Cross-Site Request Forgery)

A browser-based attack where a malicious site tricks a user's browser into sending a request (with cookies automatically attached) to your application.

When CSRF is enabled (the default in Spring Security):
- Spring expects a CSRF token on every state-changing request (POST, PUT, DELETE).
- The token is generated server-side and must be sent back (header/form field).
- This protects against attacks that rely on browser + cookies.
- Meaning: only requests coming from your legitimate frontend (which has the token) are accepted.

What "disable CSRF" means:

    http.csrf().disable();

- Spring stops validating CSRF tokens.
- Any request is accepted without CSRF token verification.
- Impact: you lose protection against browser-based CSRF attacks, but this only matters if your app uses cookie/session authentication.

Why it's commonly disabled in REST APIs

Because REST APIs typically:
- Are stateless
- Use Authorization headers (JWT/Bearer tokens...

Orphan removal and Cascade.REMOVE

CascadeType.ALL is used to apply to the child table every operation that gets applied to the parent. The operations include:

- Delete: if the parent is deleted, then all children will be deleted.
- Persist: if the parent is persisted, then all children will be persisted.
- Update/Merge: if the parent is updated, then all changes in each child will be updated.
- Reload: if you reload the parent from the DB, all children will be reloaded.
- Detach: if the parent is detached from the Hibernate session, all children will also be detached.

⚠️ The Danger Zone

CascadeType.ALL is powerful but can be risky:

- Accidental deletes: if you delete a Department, you might delete 500 Employees you didn't mean to.
- Performance: if you have a massive list, a simple update to the parent might trigger checks/updates on every single child.
- Global impact: it is usually better suited to composition (where the child can't exist without the parent, like an Invoice and its InvoiceItems).

⚠️ Wh...

WHY does Spring “skip” the annotation? What is actually happening in memory?

🧠 Step 1 — What Spring really creates

You write:

    @Service
    public class OrderService {

        @Transactional
        public void placeOrder() { }

        @CacheEvict(value = "productCache", key = "#productId")
        public void updateProduct(int productId) { }
    }

❗ What actually exists at runtime

Spring creates two objects:
1. Real object: OrderService
2. Proxy object: OrderService$$SpringProxy

👉 Important: when you do

    @Autowired
    OrderService orderService;

👉 you are getting OrderService$$SpringProxy, NOT your real class.

🧩 Step 2 — What's inside the proxy?

The proxy wraps your method calls like this:

    public class OrderServiceProxy {
        private OrderService target;

        public void updateProduct(int productId) {
            // 🔥 Cache logic injected here
            evictCache("productCache", productId);
            target.updateProduct(productId);
        }

        public void placeOrder() {
            startTra...

Valid Word Abbreviation LeetCode solution using Java

The Valid Word Abbreviation problem is solved with a two-pointer approach. A valid abbreviation has certain limitations:

- The abbreviation must not contain leading zeros.
  - Example: word: laughing out loud, abbr: l07outl. Explanation: because of the 0 before the 7, this is not a valid abbreviation. Why? The digits in the abbreviation start with zero, which is called a leading zero.
- Adjacent substrings in the abbreviation are not accepted.
  - Example: word: as soon as possible, abbr: a42e. Explanation: "soon" and "as" are adjacent substrings, and the abbreviation of "soon" and "as" is 42 collectively, which is not allowed.
- Replacing an empty substring is not allowed.
  - Example: word: abbreviation, abbr: a0bbreviation. Explanation: the zero between a and b is a replacement of an empty substring, which is not allowed.

Solution approach:

- We will take two pointers (i and j); i will point to the start of the "word" and j will point to the start of the "abbreviation".
- ...

Kubernetes terms made easy

When we have Docker Compose, and we can define rules to run our containerized applications there... so why do we need k8s...? Well, we can certainly manage a very small number of containers... but handling large-scale applications this way will certainly be a nightmare... Because... large apps need to scale automatically... and Docker Compose requires manual intervention and scripting... ahhh, who wants to reinvent the wheel... Let k8s do this...

Now that we know the importance of k8s... we have to learn its core components and how its architecture works...

The k8s environment has a company named... control plane... which is responsible for managing and running Kubernetes clusters... This company, named control plane... has a CEO... named API Server... I wasn't talking about the actual CEO of Kubernetes 😅... just an analogy... Everyone discusses their matters with the API server... and the API server talks to everyone... It's kind of the brain of the company...

Next come...