Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
71
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
100
Rails: The Good Parts
dimazhlobo
2
77
Ethereum Smart Contracts For Developers
dimazhlobo
0
67
Elasticsearch Introduction
dimazhlobo
0
690
Ruby Code Analisis
dimazhlobo
7
790
Other Decks in Programming
See All in Programming
役立つログに取り組もう
irof
28
9.6k
Figma Dev Modeで変わる!Flutterの開発体験
watanave
0
110
광고 소재 심사 과정에 AI를 도입하여 광고 서비스 생산성 향상시키기
kakao
PRO
0
170
どうして僕の作ったクラスが手続き型と言われなきゃいけないんですか
akikogoto
1
120
Contemporary Test Cases
maaretp
0
140
2024/11/8 関西Kaggler会 2024 #3 / Kaggle Kernel で Gemma 2 × vLLM を動かす。
kohecchi
5
920
CSC509 Lecture 13
javiergs
PRO
0
100
Outline View in SwiftUI
1024jp
1
330
.NET のための通信フレームワーク MagicOnion 入門 / Introduction to MagicOnion
mayuki
1
1.5k
카카오페이는 어떻게 수천만 결제를 처리할까? 우아한 결제 분산락 노하우
kakao
PRO
0
110
弊社の「意識チョット低いアーキテクチャ」10選
texmeijin
5
24k
AI時代におけるSRE、 あるいはエンジニアの生存戦略
pyama86
6
1.1k
Featured
See All Featured
Building Your Own Lightsaber
phodgson
103
6.1k
Done Done
chrislema
181
16k
How STYLIGHT went responsive
nonsquared
95
5.2k
Happy Clients
brianwarren
98
6.7k
For a Future-Friendly Web
brad_frost
175
9.4k
Typedesign – Prime Four
hannesfritz
40
2.4k
Faster Mobile Websites
deanohume
305
30k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
The Invisible Side of Design
smashingmag
298
50k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
irof
watanave
kakao
akikogoto
maaretp
kohecchi
javiergs
1024jp
mayuki
texmeijin
pyama86
phodgson
chrislema
nonsquared
brianwarren
brad_frost
hannesfritz
deanohume
afnizarnur
smashingmag
soudai
tammyeverts
chriscoyier
