CORS_再入門.pdf (CORS: A Re-introduction)

dach
February 27, 2020

Transcript

  1. 2.

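    Who am I?
    Job • Former SRE → management (I'd like to be implementing)
    Affiliation • EasyEasy organizer • TOPGATE • Chicken Nanban Supporters' Association (tentative)
    Recent major expenses • Food, my wife's watch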
  2. 3.
  3. 18.

    CORS in detail

    ```javascript
    const xhr = new XMLHttpRequest();
    const url = 'https://bar.other/resources/public-data/';

    xhr.open('GET', url);
    xhr.onreadystatechange = someHandler; // someHandler: response callback, not shown on the slide
    xhr.send();
    ```
  4. 19.

    CORS in detail

    ```javascript
    const xhr = new XMLHttpRequest();
    const url = 'https://bar.other/resources/public-data/';

    xhr.open('GET', url);
    xhr.onreadystatechange = someHandler; // someHandler: response callback, not shown on the slide
    xhr.send();
    ```

    Who made the call
  5. 20.

    CORS in detail

    ```php
    <?php
    // Send CORS headers only when the request's Origin is the one allowed origin.
    // "?? ''" avoids an undefined-index warning when no Origin header was sent.
    if (($_SERVER['HTTP_ORIGIN'] ?? '') === "http://arunranga.com") {
        header('Access-Control-Allow-Origin: http://arunranga.com');
        header('Access-Control-Allow-Methods: GET, OPTIONS');
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 1728000');
        header("Content-Length: 0");
        header("Content-Type: text/plain");
    } else {
        // Any other origin is refused.
        header("HTTP/1.1 403 Access Forbidden");
        header("Content-Type: text/plain");
        echo "You cannot repeat this request";
    }
    ```
  6. 21.

    CORS in detail

    ```php
    <?php
    // Send CORS headers only when the request's Origin is the one allowed origin.
    // "?? ''" avoids an undefined-index warning when no Origin header was sent.
    if (($_SERVER['HTTP_ORIGIN'] ?? '') === "http://arunranga.com") {
        header('Access-Control-Allow-Origin: http://arunranga.com');
        header('Access-Control-Allow-Methods: GET, OPTIONS');
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 1728000');
        header("Content-Length: 0");
        header("Content-Type: text/plain");
    } else {
        // Any other origin is refused.
        header("HTTP/1.1 403 Access Forbidden");
        header("Content-Type: text/plain");
        echo "You cannot repeat this request";
    }
    ```

    Whose access is being allowed
  7. 22.

    CORS in detail

    ```php
    <?php
    // Send CORS headers only when the request's Origin is the one allowed origin.
    // "?? ''" avoids an undefined-index warning when no Origin header was sent.
    if (($_SERVER['HTTP_ORIGIN'] ?? '') === "http://arunranga.com") {
        header('Access-Control-Allow-Origin: http://arunranga.com');
        header('Access-Control-Allow-Methods: GET, OPTIONS');
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 1728000');
        header("Content-Length: 0");
        header("Content-Type: text/plain");
    } else {
        // Any other origin is refused.
        header("HTTP/1.1 403 Access Forbidden");
        header("Content-Type: text/plain");
        echo "You cannot repeat this request";
    }
    ```

    Whose access is being allowed

    Result
  8. 23.

    CORS in detail

    ```javascript
    const xhr = new XMLHttpRequest();
    const url = 'https://bar.other/resources/public-data/';

    xhr.open('GET', url);
    xhr.onreadystatechange = someHandler; // someHandler: response callback, not shown on the slide
    xhr.send();
    ```

    Who made the call

    Whose access is being allowed

    ```php
    <?php
    // Send CORS headers only when the request's Origin is the one allowed origin.
    // "?? ''" avoids an undefined-index warning when no Origin header was sent.
    if (($_SERVER['HTTP_ORIGIN'] ?? '') === "http://arunranga.com") {
        header('Access-Control-Allow-Origin: http://arunranga.com');
        header('Access-Control-Allow-Methods: GET, OPTIONS');
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 1728000');
        header("Content-Length: 0");
        header("Content-Type: text/plain");
    } else {
        // Any other origin is refused.
        header("HTTP/1.1 403 Access Forbidden");
        header("Content-Type: text/plain");
        echo "You cannot repeat this request";
    }
    ```
  9. 27.
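The server-side decision from the "CORS in detail" slides, written out as an added example (it is not code from the slides or their author). It goes slightly beyond the slide by separating the preflight from the actual request and by sending `Vary: Origin`; `POLICY`, `corsResponse` and the request shape are hypothetical names, while the header values are the ones shown on the slides.

```javascript
// Added example, not code from the slides. Names are hypothetical.
const POLICY = {
  origins: new Set(['http://arunranga.com']), // exact serialized origins: scheme + host (+ port)
  methods: ['GET', 'OPTIONS'],
  maxAge: 1728000,
};

// req: { method, headers } with lower-case header names (constructed shape for this example)
function corsResponse(req, policy = POLICY) {
  const origin = req.headers['origin'];
  // The response differs per Origin, so shared caches must key on it.
  const base = () => ({ 'Vary': 'Origin', 'Content-Type': 'text/plain' });

  // Exact match only: no substring, prefix or regex test; a missing header is a non-match.
  if (typeof origin !== 'string' || !policy.origins.has(origin)) {
    return { status: 403, headers: base(), body: 'You cannot repeat this request' };
  }

  if (req.method === 'OPTIONS') {
    // Preflight: the browser announces the method it intends to use.
    const wanted = req.headers['access-control-request-method'];
    if (!policy.methods.includes(wanted)) {
      return { status: 403, headers: base(), body: 'Method not allowed' };
    }
  }

  const headers = base();
  // Send the allow-listed origin; browsers reject '*' when credentials are allowed.
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  if (req.method === 'OPTIONS') {
    headers['Access-Control-Allow-Methods'] = policy.methods.join(', ');
    headers['Access-Control-Max-Age'] = String(policy.maxAge);
    headers['Content-Length'] = '0';
    return { status: 200, headers, body: '' };
  }
  return { status: 200, headers, body: 'public data' };
}

// Constructed sample requests: the allowed origin, a scheme mismatch, and no Origin header.
for (const origin of ['http://arunranga.com', 'https://arunranga.com', undefined]) {
  const res = corsResponse({ method: 'GET', headers: origin ? { origin } : {} });
  console.log(String(origin), '->', res.status, res.headers['Access-Control-Allow-Origin'] || '(no ACAO)');
}
```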