Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Programming
Transcript
CORS: Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})
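The JSONP slide shows the server wrapping JSON in a call to a client-chosen callback. Because that output is executed as a script by every browser that loads it, the callback name is the one input the server must not pass through untouched. The following is an added example, not code from the deck or its author; the function name jsonpResponse, the SAFE_CALLBACK pattern and the response shape are this example's own assumptions.

```javascript
// Added example (not from the slides): build a JSONP response for the
// callback({"how" : "it works"}) exchange shown on the slide, validating the
// callback name on the server side. Names are this example's own.

// A callback may only be a plain JavaScript identifier, optionally dotted
// (e.g. "callback" or "app.onData"). Anything else is rejected outright.
const SAFE_CALLBACK = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;

function jsonpResponse(callbackName, data) {
  if (typeof callbackName !== 'string' || !SAFE_CALLBACK.test(callbackName)) {
    throw new Error('invalid JSONP callback name');
  }
  // U+2028/U+2029 are legal inside JSON strings but terminate lines in older
  // JavaScript parsers, so escape them before embedding JSON in a script body.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return {
    status: 200,
    headers: {
      // Served as a script, never as HTML, and with sniffing disabled so the
      // browser does not reinterpret the body as another type.
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: `${callbackName}(${json});`,
  };
}

// Constructed sample: the slide's response for /test.json?callback=callback
const sample = jsonpResponse('callback', { how: 'it works' });
console.log(sample.body);
```

With the pattern in place a request such as `?callback=alert(1);//` is refused with an error instead of being written into the script body, and a well-formed name still produces exactly the `callback({...});` line the slide shows.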
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
Request:
• Origin
• Access-Control-Request-Method
• Access-Control-Request-Headers
Response:
• Access-Control-Allow-Origin
• Access-Control-Allow-Credentials
• Access-Control-Expose-Headers
• Access-Control-Max-Age
• Access-Control-Allow-Methods
• Access-Control-Allow-Headers
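The two CORS slides list the request headers the browser sends (Origin, Access-Control-Request-Method, Access-Control-Request-Headers) and the response headers the server answers with. The following is an added example, not code from the deck or its author, showing the server-side decision for the OPTIONS /test.json exchange on the slide: the Origin is checked against an explicit allowlist rather than echoed back, credentials are only paired with a specific origin, and a preflight whose method or headers are not allowed gets no CORS headers at all. The allowlist, the corsHeaders function and the request object shape (lower-case header keys, as Node's http module delivers them) are this example's own assumptions.

```javascript
// Added example (not from the slides): server-side CORS decision for the
// exchange shown on the slide. ALLOWED_* values are constructed for this
// example; corsHeaders and the request shape are its own assumptions.
const ALLOWED_ORIGINS = new Set(['http://sbdmn.example.com']);
const ALLOWED_METHODS = ['GET', 'POST'];
const ALLOWED_HEADERS = ['content-type', 'x-requested-with'];

// req: { method, headers } with lower-case header names.
// Returns { preflight: true, status: 204, headers } for an accepted preflight,
// { preflight: false, headers } for an accepted actual request, or null when
// no CORS headers should be added (same-origin request, origin not on the
// allowlist, or a preflight asking for a method/header that is not allowed).
function corsHeaders(req) {
  const origin = req.headers['origin'];
  // No Origin header: same-origin (or non-browser) request, nothing to add.
  if (origin === undefined) return null;
  // Exact-match allowlist. Reflecting any Origin back, or matching it with a
  // loose pattern, would grant every site the same credentialed access.
  if (!ALLOWED_ORIGINS.has(origin)) return null;

  const headers = {
    'Access-Control-Allow-Origin': origin,        // a specific origin, never '*'
    'Access-Control-Allow-Credentials': 'true',   // browsers reject '*' + credentials
    'Vary': 'Origin',                             // caches must key on Origin
  };

  const requested = req.headers['access-control-request-method'];
  const isPreflight = req.method === 'OPTIONS' && requested !== undefined;
  if (!isPreflight) {
    // Actual request: name any non-safelisted response header the page may read.
    headers['Access-Control-Expose-Headers'] = 'X-Request-Id';
    return { preflight: false, headers };
  }

  // Preflight: the requested method and every requested header must be allowed.
  if (!ALLOWED_METHODS.includes(requested.toUpperCase())) return null;
  const wanted = (req.headers['access-control-request-headers'] || '')
    .split(',')
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  if (!wanted.every((h) => ALLOWED_HEADERS.includes(h))) return null;

  headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
  headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
  headers['Access-Control-Max-Age'] = '600';     // cache the preflight result (seconds)
  return { preflight: true, status: 204, headers };
}

// Constructed preflight matching the slide: OPTIONS /test.json from the subdomain.
const slidePreflight = corsHeaders({
  method: 'OPTIONS',
  headers: {
    host: 'example.com',
    origin: 'http://sbdmn.example.com',
    'access-control-request-method': 'POST',
    'access-control-request-headers': 'Content-Type',
  },
});
console.log(slidePreflight);
// A request from an origin that is not on the allowlist gets no CORS headers.
console.log(corsHeaders({ method: 'GET', headers: { origin: 'http://other.example.org' } }));
```

Returning null for a rejected origin or preflight is the right outcome: the browser blocks the response because the allowing headers are absent, so the server never has to reason about what a partial or reflected Access-Control-Allow-Origin would mean. The Vary: Origin header matters whenever more than one origin is allowed, otherwise a shared cache can serve one origin's Access-Control-Allow-Origin value to another.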
Questions?