Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Dmitry Zhlobo
July 02, 2015
Programming
1
78
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
160
Rails: The Good Parts
dimazhlobo
2
140
Ethereum Smart Contracts For Developers
dimazhlobo
0
120
Elasticsearch Introduction
dimazhlobo
0
750
Ruby Code Analisis
dimazhlobo
7
850
Other Decks in Programming
See All in Programming
PHP 7.4でもOpenTelemetryゼロコード計装がしたい! / PHPerKaigi 2026
arthur1
1
360
Rで始めるML・LLM活用入門
wakamatsu_takumu
0
190
米国のサイバーセキュリティタイムラインと見る Goの暗号パッケージの進化
tomtwinkle
2
640
野球解説AI Agentを開発してみた - 2026/02/27 LayerX社内LT会資料
shinyorke
PRO
0
350
『Kubernetes ☸️ で実践する Platform Engineering 』を最高速度で読み抜いたる!!👊🏻
hiroki_hasegawa
0
100
Takumiから考えるSecurity_Maturity_Model.pdf
gessy0129
1
150
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
910
maplibre-gl-layers - 地図に移動体たくさん表示したい
kekyo
PRO
0
400
コーディングルールの鮮度を保ちたい / keep-fresh-go-internal-conventions
handlename
0
230
Agentic AI: Evolution oder Revolution
mobilelarson
PRO
0
190
20260313 - Grafana & Friends Taipei #1 - Kubernetes v1.36 的開發雜記:那些困在 Alpha 加護病房太久的 Metrics
tico88612
0
230
技術検証結果の整理と解析をAIに任せよう!
keisukeikeda
0
130
Featured
See All Featured
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
61
43k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2.1k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
500
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.4k
What's in a price? How to price your products and services
michaelherold
247
13k
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.2k
Tell your own story through comics
letsgokoyo
1
870
Optimising Largest Contentful Paint
csswizardry
37
3.6k
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
230
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
2k
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
auna
0
92
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
240
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
.jpeg){kind=avatar}
arthur1
wakamatsu_takumu
tomtwinkle
shinyorke
hiroki_hasegawa
gessy0129
ivargrimstad
kekyo
handlename
mobilelarson
tico88612
keisukeikeda
rkaga
inesmontani
tammyeverts
eileencodes
michaelherold
letsgokoyo
csswizardry
skoyamalab
aleyda
auna
reverentgeek
