Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
76
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
150
Rails: The Good Parts
dimazhlobo
2
130
Ethereum Smart Contracts For Developers
dimazhlobo
0
110
Elasticsearch Introduction
dimazhlobo
0
740
Ruby Code Analisis
dimazhlobo
7
840
Other Decks in Programming
See All in Programming
生成AI時代を勝ち抜くエンジニア組織マネジメント
coconala_engineer
0
39k
ゆくKotlin くるRust
exoego
1
200
LLM Çağında Backend Olmak: 10 Milyon Prompt'u Milisaniyede Sorgulamak
selcukusta
0
150
perlをWebAssembly上で動かすと何が嬉しいの??? / Where does Perl-on-Wasm actually make sense?
mackee
0
320
AI Agent の開発と運用を支える Durable Execution #AgentsInProd
izumin5210
7
1.6k
TestingOsaka6_Ozono
o3
0
270
メルカリのリーダビリティチームが取り組む、AI時代のスケーラブルな品質文化
cloverrose
2
460
CSC307 Lecture 02
javiergs
PRO
1
760
Canon EOS R50 V と R5 Mark II 購入でみえてきた最近のデジイチ VR180 事情、そして VR180 静止画に活路を見出すまで
karad
0
140
Go コードベースの構成と AI コンテキスト定義
andpad
0
160
CSC307 Lecture 01
javiergs
PRO
0
670
実はマルチモーダルだった。ブラウザの組み込みAI🧠でWebの未来を感じてみよう #jsfes #gemini
n0bisuke2
3
1.4k
Featured
See All Featured
Facilitating Awesome Meetings
lara
57
6.7k
Why Our Code Smells
bkeepers
PRO
340
58k
Music & Morning Musume
bryan
46
7k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
55
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
Navigating Weather and Climate Data
rabernat
0
69
Docker and Python
trallard
47
3.7k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
0
140
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
600
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
1.8k
Stop Working from a Prison Cell
hatefulcrawdad
273
21k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
49
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
coconala_engineer
exoego
selcukusta
mackee
izumin5210
o3
cloverrose
javiergs
karad
andpad
n0bisuke2
lara
bkeepers
bryan
marketingsoph
destraynor
rabernat
trallard
axbom
nmsamuel
aleyda
hatefulcrawdad
stuffmc
