Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
74
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
130
Rails: The Good Parts
dimazhlobo
2
110
Ethereum Smart Contracts For Developers
dimazhlobo
0
86
Elasticsearch Introduction
dimazhlobo
0
720
Ruby Code Analisis
dimazhlobo
7
820
Other Decks in Programming
See All in Programming
たった 1 枚の PHP ファイルで実装する MCP サーバ / MCP Server with Vanilla PHP
okashoi
1
260
NPOでのDevinの活用
codeforeveryone
0
840
スタートアップの急成長を支えるプラットフォームエンジニアリングと組織戦略
sutochin26
1
5.9k
Discover Metal 4
rei315
2
140
RailsGirls IZUMO スポンサーLT
16bitidol
0
190
VS Code Update for GitHub Copilot
74th
2
650
Flutterで備える!Accessibility Nutrition Labels完全ガイド
yuukiw00w
0
160
GitHub Copilot and GitHub Codespaces Hands-on
ymd65536
2
150
Webの外へ飛び出せ NativePHPが切り拓くPHPの未来
takuyakatsusa
2
560
Rails Frontend Evolution: It Was a Setup All Along
skryukov
0
150
AI時代の『改訂新版 良いコード/悪いコードで学ぶ設計入門』 / ai-good-code-bad-code
minodriven
15
6k
チームのテスト力を総合的に鍛えて品質、スピード、レジリエンスを共立させる/Testing approach that improves quality, speed, and resilience
goyoki
5
890
Featured
See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
Facilitating Awesome Meetings
lara
54
6.4k
GitHub's CSS Performance
jonrohan
1031
460k
Balancing Empowerment & Direction
lara
1
430
The Invisible Side of Design
smashingmag
301
51k
Building a Modern Day E-commerce SEO Strategy
aleyda
42
7.4k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
960
Agile that works and the tools we love
rasmusluckow
329
21k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
The Straight Up "How To Draw Better" Workshop
denniskardys
234
140k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
22k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?