Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
1
74

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015
Tweet

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
140
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
120
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
98
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
740
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
830

Other Decks in Programming

See All in Programming
Eloquentを使ってどこまでコードの治安を保てるのか?を新人が考察してみた
Avatar for ito_kohhh itokoh0405
0
3.1k
Functional Calisthenics in Kotlin: Kotlinで「関数型エクササイズ」を実践しよう
Avatar for Kent OHASHI lagenorhynque
0
110
MCPサーバー「モディフィウス」で変更容易性の向上をスケールする / modifius
Avatar for MinoDriven minodriven
7
1.4k
ビルドプロセスをデバッグしよう!
Avatar for Yuta Tomiyama yt8492
0
280
問題の見方を変える「システム思考」超入門
Avatar for panda_program panda_program
0
190
What’s Fair is FAIR: A Decentralised Future for WordPress Distribution
Avatar for Ryan McCue rmccue
0
150
自動テストを活かすためのテスト分析・テスト設計の進め方/JaSST25 Shikoku
Avatar for Hiroki Iseri goyoki
1
540
業務でAIを使いたい話
Avatar for hnw hnw
0
260
Designing Repeatable Edits: The Architecture of . in Vim
Avatar for Satoru Kitaguchi satorunooshie
0
260
Vueのバリデーション、結局どれを選べばいい? ― 自作バリデーションの限界と、脱却までの道のり ― / Which Vue Validation Library Should We Really Use? The Limits of Self-Made Validation and How I Finally Moved On
Avatar for ねぎなす neginasu
3
1.8k
CSC509 Lecture 11
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
300
AIを駆使して新しい技術を効率的に理解する方法
Avatar for nogu nogu66
0
570

Featured

See All Featured
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
660
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
24
1.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3.2k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1.2k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.3k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.3k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
57k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.2k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.9k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
234
18k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
10k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
359
30k

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?