Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Dmitry Zhlobo
July 02, 2015
Programming
1
76
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
150
Rails: The Good Parts
dimazhlobo
2
130
Ethereum Smart Contracts For Developers
dimazhlobo
0
110
Elasticsearch Introduction
dimazhlobo
0
750
Ruby Code Analisis
dimazhlobo
7
840
Other Decks in Programming
See All in Programming
AtCoder Conference 2025
shindannin
0
1.1k
AIと一緒にレガシーに向き合ってみた
nyafunta9858
0
220
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
rkaga
4
2k
Vibe Coding - AI 驅動的軟體開發
mickyp100
0
170
Amazon Bedrockを活用したRAGの品質管理パイプライン構築
tosuri13
4
370
カスタマーサクセス業務を変革したヘルススコアの実現と学び
_hummer0724
0
690
AIで開発はどれくらい加速したのか?AIエージェントによるコード生成を、現場の評価と研究開発の評価の両面からdeep diveしてみる
daisuketakeda
1
2.4k
IFSによる形状設計/デモシーンの魅力 @ 慶應大学SFC
gam0022
1
300
humanlayerのブログから学ぶ、良いCLAUDE.mdの書き方
tsukamoto1783
0
190
CSC307 Lecture 07
javiergs
PRO
0
550
AIエージェントのキホンから学ぶ「エージェンティックコーディング」実践入門
masahiro_nishimi
5
430
開発者から情シスまで - 多様なユーザー層に届けるAPI提供戦略 / Postman API Night Okinawa 2026 Winter
tasshi
0
200
Featured
See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
Site-Speed That Sticks
csswizardry
13
1.1k
Statistics for Hackers
jakevdp
799
230k
The SEO identity crisis: Don't let AI make you average
varn
0
77
Optimizing for Happiness
mojombo
379
71k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.4k
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
640
How to Talk to Developers About Accessibility
jct
2
130
Writing Fast Ruby
sferik
630
62k
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.1k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
HDC tutorial
michielstock
1
370
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
SiteGround - Reliable hosting with speed, security, and support you can count on.
dimazhlobo
shindannin
nyafunta9858
rkaga
mickyp100
tosuri13
_hummer0724
daisuketakeda
gam0022
tsukamoto1783
javiergs
masahiro_nishimi
tasshi
morganepeng
csswizardry
jakevdp
varn
mojombo
marcduiker
nmsamuel
jct
sferik
charlesmeaden
keithpitt
michielstock
