No side effects, no surprises.

CORS request Headers cross-origin JavaScript Cybersecurity same-origin Getting to Know CORS Inside and Out In this episode Devin learns about the browser's same-origin policy and the CORS protocol for handling safelisted request headers, unsafe request headers, allowing credentials, allowing methods, exposing headers, caching CORS preflight requests, and cross-origin security.

Variable substitution

The variable substitution processor scans the collection of composed-and-evaluated objects looking for dollar-sign prefixed variables.

In this step, objects are again processed in dependency order, but without distinction as to whether the objects are resource objects or validation objects. (Conceptually, validation objects can be thought of as having a meaning that is distinct from resource objects, but formally, resource objects are themselves validation objects, albeit simple ones.)

For each dollar-sign prefixed variable name encountered by the substitution processor, the variable name is replaced with the value obtained from the just-evaluated resource collection. In this example, the [R] object variable vmp is referenced by the [S] object using the syntax .vmp.

type = resource
resource = memory
vmp = virtual_memory_percent

type = assertion
assert = $R.vmp GT 15 # Free virtual memory should be > 15%

When substituted with the value obtained from the previous step (let's say 99), the internal representation becomes:

internal resource representation
. . .
assert = 99 GT 15
. . .

When substitution is complete, the all-important rule validator is started.