Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json"></script>
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
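
Added example, not part of the original deck: a server-side function that turns the request headers listed above into the response headers, using an exact-match origin allowlist. The function name, the policy object, the allowed request header and the max-age value are assumptions; the hostnames and methods are the ones on the slides.

```javascript
// Assumed policy, built from the slide's hostnames and methods.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type"], // assumed allowed request headers (lowercase)
  credentials: true,         // with credentials, Allow-Origin must not be "*"
  maxAge: 600,               // assumed preflight cache lifetime in seconds
};

// Returns { status, headers } for the CORS part of a response.
// `req` is { method, headers } with lowercase header names, as Node's http module gives them.
// status is null when the request is not a preflight and the normal handler sets the status.
function corsResponse(req, policy = POLICY) {
  const origin = req.headers["origin"];
  const headers = { "Vary": "Origin" }; // caches must key the response on Origin
  // No Origin header, or origin not on the allowlist: send no Access-Control-* headers.
  if (!origin || !policy.origins.has(origin)) return { status: null, headers };

  headers["Access-Control-Allow-Origin"] = origin; // echo only a vetted value
  if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";

  const wantMethod = req.headers["access-control-request-method"];
  const isPreflight = req.method === "OPTIONS" && wantMethod !== undefined;
  if (!isPreflight) return { status: null, headers };

  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = policy.methods.includes(wantMethod) &&
    wantHeaders.every((h) => policy.headers.includes(h));
  if (!ok) return { status: 403, headers: { "Vary": "Origin" } };

  headers["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  if (wantHeaders.length) headers["Access-Control-Allow-Headers"] = wantHeaders.join(", ");
  headers["Access-Control-Max-Age"] = String(policy.maxAge);
  return { status: 204, headers };
}

// Constructed sample requests: the slide's preflight, and a lookalike origin
// that a prefix or substring check would wrongly accept.
const preflight = { method: "OPTIONS", headers: { host: "example.com",
  origin: "http://sbdmn.example.com", "access-control-request-method": "POST" } };
const lookalike = { method: "OPTIONS", headers: { host: "example.com",
  origin: "http://sbdmn.example.com.other.test", "access-control-request-method": "POST" } };
```

Merge the returned headers into the real response; for a non-null status, answer the preflight directly without running the resource handler.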
Questions?