Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS
JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
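The preflight exchange from the slides, as an added example that is not part of the original deck: a server-side decision function that checks Origin against an exact-match allowlist and builds the Access-Control-* response headers listed above. The names `POLICY` and `corsHeaders`, the allowed request headers and the max age are assumptions; the origin and methods are the ones shown on the slide.

```javascript
// Added example. POLICY and corsHeaders are hypothetical names; the allowed
// request headers and max age are assumed values, not from the slides.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"],
  credentials: true,
  maxAge: 600, // seconds the browser may cache the preflight result
};

function corsHeaders(method, reqHeaders, policy = POLICY) {
  const h = {};
  for (const [k, v] of Object.entries(reqHeaders)) h[k.toLowerCase()] = v;

  // Responses differ per Origin, so caches must key on it.
  const denied = { allowed: false, headers: { Vary: "Origin" } };
  const origin = h["origin"];
  // Exact string match only: no substring, suffix or regex checks, no "null".
  if (!origin || !policy.origins.has(origin)) return denied;

  const out = { Vary: "Origin", "Access-Control-Allow-Origin": origin };
  // With credentials the value must be the concrete origin, never "*".
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";

  const wantMethod = h["access-control-request-method"];
  if (method !== "OPTIONS" || wantMethod === undefined) {
    return { allowed: true, preflight: false, headers: out }; // actual request
  }

  // Preflight: every requested method and header must be in the policy.
  const wantHeaders = (h["access-control-request-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const ok = policy.methods.includes(wantMethod) &&
    wantHeaders.every((name) => policy.headers.includes(name));
  if (!ok) return { ...denied, preflight: true };

  out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
  out["Access-Control-Max-Age"] = String(policy.maxAge);
  return { allowed: true, preflight: true, headers: out };
}
```

A denied result carries no Access-Control-* headers at all, so the browser refuses to expose the response to the calling page.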
Questions?