Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
74
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
140
Rails: The Good Parts
dimazhlobo
2
110
Ethereum Smart Contracts For Developers
dimazhlobo
0
93
Elasticsearch Introduction
dimazhlobo
0
730
Ruby Code Analisis
dimazhlobo
7
820
Other Decks in Programming
See All in Programming
Trem on Rails - Prompt Engineering com Ruby
elainenaomi
1
100
AI時代のUIはどこへ行く?
yusukebe
1
690
もうちょっといいRubyプロファイラを作りたい (2025)
osyoyu
0
220
STUNMESH-go: Wireguard NAT穿隧工具的源起與介紹
tjjh89017
0
390
TDD 実践ミニトーク
contour_gara
1
270
Microsoft Orleans, Daprのアクターモデルを使い効率的に開発、デプロイを行うためのSekibanの試行錯誤 / Sekiban: Exploring Efficient Development and Deployment with Microsoft Orleans and Dapr Actor Models
tomohisa
0
220
AWS発のAIエディタKiroを使ってみた
iriikeita
1
130
モバイルアプリからWebへの横展開を加速した話_Claude_Code_実践術.pdf
kazuyasakamoto
0
290
HTMLの品質ってなんだっけ? “HTMLクライテリア”の設計と実践
unachang113
0
290
TanStack DB ~状態管理の新しい考え方~
bmthd
2
370
DockerからECSへ 〜 AWSの海に出る前に知っておきたいこと 〜
ota1022
5
1.9k
A Gopher's Guide to Vibe Coding
danicat
0
200
Featured
See All Featured
Balancing Empowerment & Direction
lara
3
600
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Raft: Consensus for Rubyists
vanstee
140
7.1k
Facilitating Awesome Meetings
lara
55
6.5k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
284
13k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
A Modern Web Designer's Workflow
chriscoyier
696
190k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.6k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
elainenaomi
yusukebe
osyoyu
tjjh89017
contour_gara
tomohisa
iriikeita
kazuyasakamoto
unachang113
bmthd
ota1022
danicat
lara
keithpitt
aki_iinuma
garrettdimon
thoeni
eileencodes
vanstee
stephaniewalter
marcelosomers
chriscoyier
productmarketing
