Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
1
74

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015
Tweet

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
130
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
110
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
86
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
720
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
820

Other Decks in Programming

See All in Programming
Rails Frontend Evolution: It Was a Setup All Along
Avatar for Svyatoslav Kryukov skryukov
0
150
AI時代のソフトウェア開発を考える(2025/07版) / Agentic Software Engineering Findy 2025-07 Edition
Avatar for Takuto Wada twada
PRO
88
30k
第9回 情シス転職ミートアップ 株式会社IVRy(アイブリー)の紹介
Avatar for 株式会社IVRy(社員登壇資料) ivry_presentationmaterials
1
320
Systèmes distribués, pour le meilleur et pour le pire - BreizhCamp 2025 - Conférence
Avatar for Sébastien LECACHEUR slecache
0
120
LT 2025-06-30: プロダクトエンジニアの役割
Avatar for Keisuke Yamamoto yamamotok
0
760
Hack Claude Code with Claude Code
Avatar for Akihiro Okuno choplin
4
2.1k
Result型で“失敗”を型にするPHPコードの書き方
Avatar for Takuma Kajikawa kajitack
5
900
5つのアンチパターンから学ぶLT設計
Avatar for Narihara narihara
1
170
Railsアプリケーションと パフォーマンスチューニング ー 秒間5万リクエストの モバイルオーダーシステムを支える事例 ー Rubyセミナー 大阪
Avatar for Hayato OKUMOTO falcon8823
5
1.1k
Code as Context 〜 1にコードで 2にリンタ 34がなくて 5にルール? 〜
Avatar for Yoda Keisuke yodakeisuke
0
130
Team operations that are not burdened by SRE
Avatar for zosokh kazatohiei
1
310
iOS 26にアップデートすると実機でのHot Reloadができない?
Avatar for Aoi Umigishi umigishiaoi
0
130

Featured

See All Featured
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.3k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
50
5.5k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.6k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.7k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
231
18k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
25
1.7k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
44
2.4k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
3.9k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
36
2.8k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.5k

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?