Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
74
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
140
Rails: The Good Parts
dimazhlobo
2
120
Ethereum Smart Contracts For Developers
dimazhlobo
0
97
Elasticsearch Introduction
dimazhlobo
0
730
Ruby Code Analisis
dimazhlobo
7
830
Other Decks in Programming
See All in Programming
スキーマ駆動で、Zod OpenAPI Honoによる、API開発するために、Hono Takibiというライブラリを作っている
nakita628
0
270
ソフトウェア設計の実践的な考え方
masuda220
PRO
4
620
Go言語の特性を活かした公式MCP SDKの設計
hond0413
1
390
Server Side Kotlin Meetup vol.16: 内部動作を理解して ハイパフォーマンスなサーバサイド Kotlin アプリケーションを書こう
ternbusty
3
230
CSC509 Lecture 05
javiergs
PRO
0
310
Writing Better Go: Lessons from 10 Code Reviews
konradreiche
2
4.8k
品質ワークショップをやってみた
nealle
0
580
Devvox Belgium - Agentic AI Patterns
kdubois
1
130
overlayPreferenceValue で実現する ピュア SwiftUI な AdMob ネイティブ広告
uhucream
0
200
スマホから Youtube Shortsを見られないようにする
lemolatoon
27
33k
AI駆動で0→1をやって見えた光と伸びしろ
passion0102
1
650
他言語経験者が Golangci-lint を最初のコーディングメンターにした話 / How Golangci-lint Became My First Coding Mentor: A Story from a Polyglot Programmer
uma31
0
320
Featured
See All Featured
Six Lessons from altMBA
skipperchong
29
4k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Being A Developer After 40
akosma
91
590k
How STYLIGHT went responsive
nonsquared
100
5.8k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.2k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
Building Applications with DynamoDB
mza
96
6.7k
Designing for humans not robots
tammielis
254
26k
Docker and Python
trallard
46
3.6k
The World Runs on Bad Software
bkeepers
PRO
72
11k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?