Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
88
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
180
Rails: The Good Parts
dimazhlobo
2
160
Ethereum Smart Contracts For Developers
dimazhlobo
0
130
Elasticsearch Introduction
dimazhlobo
0
770
Ruby Code Analisis
dimazhlobo
7
870
Other Decks in Programming
See All in Programming
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.5k
The NotImplementedError Problem in Ruby
koic
1
1k
Creating Composable Callables in Contemporary C++
rollbear
0
180
act1-costs.pdf
sumedhbala
0
140
正しくソフトウェアを作る、前提を疑うための認知の視点 / doubt-premise
minodriven
21
7.2k
Hunting Vulnerabilities in Symfony with LLMs
vinceamstoutz
0
570
Vue × Nuxt × Oxc どこまで使える?実運用の現在地
andpad
0
330
キャリア迷子上等 ─ "ない道"は自分で作ればいい
16bitidol
3
2.7k
ローカルLLMでどこまでコードが書けるか -拡張版 / How much code can be written on a local LLM Extended
kishida
12
4.6k
これからAgentCoreを触る方へトレンドはGatewayです
har1101
6
450
dRuby over BLE
makicamel
2
400
AIを活用したE2Eテスト実装効率化のあゆみ / ebisu-mobile-14-kotetu
kotetuco
0
150
Featured
See All Featured
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.8k
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
72
40k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
340
Prompt Engineering for Job Search
mfonobong
0
360
Why Our Code Smells
bkeepers
PRO
340
58k
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
630
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.5k
Testing 201, or: Great Expectations
jmmastey
46
8.2k
Evolving SEO for Evolving Search Engines
ryanjones
0
230
Designing for Performance
lara
611
70k
A designer walks into a library…
pauljervisheath
211
24k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
4.1k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?