Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
1
76

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015
Tweet

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
150
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
130
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
110
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
750
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
840

Other Decks in Programming

See All in Programming
AIによるイベントストーミング図からのコード生成 / AI-powered code generation from Event Storming diagrams
Avatar for nrs nrslib
2
1.9k
Apache Iceberg V3 and migration to V3
Avatar for Tomohiro Tanaka tomtanaka
0
160
AI によるインシデント初動調査の自動化を行う AI インシデントコマンダーを作った話
Avatar for azukiazusa azukiazusa1
1
710
FOSDEM 2026: STUNMESH-go: Building P2P WireGuard Mesh Without Self-Hosted Infrastructure
Avatar for Date Huang tjjh89017
0
160
SourceGeneratorのススメ
Avatar for tkym htkym
0
190
CSC307 Lecture 08
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
670
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
540
AI巻き込み型コードレビューのススメ
Avatar for Nealle nealle
1
150
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
Avatar for r-kagaya rkaga
4
2k
Smart Handoff/Pickup ガイド - Claude Code セッション管理
Avatar for rasshii yukiigarashi
0
130
ThorVG Viewer In VS Code
Avatar for Nor-s nors
0
770
15年続くIoTサービスの SREエンジニアが挑む 分散トレーシング導入
Avatar for Melonps melonps
2
190

Featured

See All Featured
Ruling the World: When Life Gets Gamed
Avatar for Sebastian Deterding codingconduct
0
140
WCS-LA-2024
Avatar for Leonardo Collado-Torres lcolladotor
0
450
Designing for Timeless Needs
Avatar for Cassini Nazir cassininazir
0
130
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
304
21k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
Avatar for Christian Goodrich cargoodrich
3
98
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
110
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.8k
What’s in a name? Adding method to the madness
Avatar for The Alliance productmarketing
PRO
24
3.9k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
230k
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
Avatar for Kenny Baas-Schwegler baasie
0
450

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?