Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
76
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
150
Rails: The Good Parts
dimazhlobo
2
130
Ethereum Smart Contracts For Developers
dimazhlobo
0
110
Elasticsearch Introduction
dimazhlobo
0
750
Ruby Code Analisis
dimazhlobo
7
840
Other Decks in Programming
See All in Programming
CSC307 Lecture 08
javiergs
PRO
0
670
AIによる開発の民主化を支える コンテキスト管理のこれまでとこれから
mulyu
3
260
AIフル活用時代だからこそ学んでおきたい働き方の心得
shinoyu
0
130
AI Agent の開発と運用を支える Durable Execution #AgentsInProd
izumin5210
7
2.3k
AI巻き込み型コードレビューのススメ
nealle
1
210
HTTPプロトコル正しく理解していますか? 〜かわいい猫と共に学ぼう。ฅ^•ω•^ฅ ニャ〜
hekuchan
2
690
16年目のピクシブ百科事典を支える最新の技術基盤 / The Modern Tech Stack Powering Pixiv Encyclopedia in its 16th Year
ahuglajbclajep
5
1k
Fragmented Architectures
denyspoltorak
0
150
Fluid Templating in TYPO3 14
s2b
0
130
開発者から情シスまで - 多様なユーザー層に届けるAPI提供戦略 / Postman API Night Okinawa 2026 Winter
tasshi
0
200
React 19でつくる「気持ちいいUI」- 楽観的UIのすすめ
himorishige
11
7.4k
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
momok47
0
200
Featured
See All Featured
Rails Girls Zürich Keynote
gr2m
96
14k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
300
Visualization
eitanlees
150
17k
How to Think Like a Performance Engineer
csswizardry
28
2.4k
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
120
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
0
250
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
450
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Code Review Best Practice
trishagee
74
20k
Site-Speed That Sticks
csswizardry
13
1.1k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
javiergs
mulyu
shinoyu
izumin5210
nealle
hekuchan
ahuglajbclajep
denyspoltorak
s2b
tasshi
himorishige
momok47
gr2m
caitiem20
chrisshort
reverentgeek
eitanlees
csswizardry
ryanjones
baasie
chriscoyier
trishagee
