Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS Cross-origin resource sharing
Whitelist
• <script>
• <img>
• <iframe>
• <embed>
But XMLHttpRequest
XSS
Same origin
What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS
JSONP
<script src="http://otherdomain.com/test.json"></script>
callback({"how" : "it works"})
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
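Added example, not part of the original slides: a server-side decision function for the preflight exchange above, answering with the listed response headers only after an exact-match origin check. The POLICY values (allowed request headers, max age, credentials) and the function name are assumptions; the origin and methods are the ones on the slide.

```javascript
// Added example: server-side CORS decision for a preflight (OPTIONS) request.
// POLICY values are assumptions for illustration; origin and methods come from the slide.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"],  // assumed allowed request headers
  credentials: true,
  maxAge: 600,                                    // seconds the browser may cache the answer
};

// req: { method, headers } with lower-cased header names.
// Returns { status, headers } for the preflight response.
function preflight(req, policy = POLICY) {
  const h = req.headers;
  const origin = h["origin"];
  const wanted = h["access-control-request-method"];
  if (req.method !== "OPTIONS" || !origin || !wanted) {
    return { status: 400, headers: {} };          // not a CORS preflight
  }
  // Vary: Origin keeps caches from serving one origin's answer to another.
  const deny = { status: 403, headers: { "Vary": "Origin" } };
  // Compare the whole origin string; prefix or substring checks would
  // accept lookalikes such as http://sbdmn.example.com.other.test.
  if (!policy.origins.has(origin)) return deny;
  if (!policy.methods.includes(wanted)) return deny;
  const asked = (h["access-control-request-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  if (!asked.every((name) => policy.headers.includes(name))) return deny;

  const out = {
    "Access-Control-Allow-Origin": origin,        // echoed only after the allowlist match
    "Access-Control-Allow-Methods": policy.methods.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
    "Vary": "Origin",
  };
  if (asked.length) out["Access-Control-Allow-Headers"] = asked.join(", ");
  // Credentials are only valid with a concrete origin, never with "*".
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";
  return { status: 204, headers: out };
}

// Constructed sample request mirroring the slide's exchange.
const sample = { method: "OPTIONS", headers: {
  "host": "example.com", "origin": "http://sbdmn.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type" } };
console.log(preflight(sample));
```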
Questions?