Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
77
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
160
Rails: The Good Parts
dimazhlobo
2
140
Ethereum Smart Contracts For Developers
dimazhlobo
0
120
Elasticsearch Introduction
dimazhlobo
0
750
Ruby Code Analisis
dimazhlobo
7
850
Other Decks in Programming
See All in Programming
AI主導でFastAPIのWebサービスを作るときに 人間が構造化すべき境界線
okajun35
0
460
Beyond the Basics: Signal Forms
manfredsteyer
PRO
0
110
AI駆動開発の本音 〜Claude Code並列開発で見えたエンジニアの新しい役割〜
hisuzuya
4
450
ご飯食べながらエージェントが開発できる。そう、Agentic Engineeringならね。
yokomachi
1
280
猫の手も借りたい!ので AIエージェント猫を作って社内に放した話 Claude Code × Container Lambda の Slack Bot "DevNeko"
naramomi7
0
230
CDIの誤解しがちな仕様とその対処TIPS
futokiyo
0
150
Python’s True Superpower
hynek
0
190
RAGでハマりがちな"Excelの罠"を、データの構造化で突破する
harumiweb
8
2.3k
AIとペアプロして処理時間を97%削減した話 #pyconshizu
kashewnuts
1
180
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
360
API Platformを活用したPHPによる本格的なWeb API開発 / api-platform-book-intro
ttskch
1
110
SourceGeneratorのマーカー属性問題について
htkym
0
120
Featured
See All Featured
KATA
mclloyd
PRO
35
15k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
130
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
93
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.6k
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
140
Making the Leap to Tech Lead
cromwellryan
135
9.7k
Building Adaptive Systems
keathley
44
2.9k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
2.3k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
117
110k
Accessibility Awareness
sabderemane
0
71
New Earth Scene 8
popppiees
1
1.7k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
360
30k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
okajun35
manfredsteyer
hisuzuya
yokomachi
naramomi7
futokiyo
hynek
harumiweb
kashewnuts
ivargrimstad
ttskch
htkym
mclloyd
pwiseman
greggifford
jcasabona
ryanjones
cromwellryan
keathley
garrettdimon
twada
sabderemane
popppiees
bermonpainter
