Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
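
How a server can decide the preflight exchange shown on the slides, as an added example that is not part of the original deck. POLICY, corsPreflight, the 403/204 status codes and all policy values are assumptions constructed for illustration; only the header names and the sbdmn.example.com origin come from the slides.

```javascript
// Added example: server-side preflight decision using the headers listed above.
// POLICY and corsPreflight are hypothetical names; the policy values are constructed.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type"], // compared lower-cased
  credentials: true,
  maxAge: 600, // seconds the browser may cache the preflight result
};

// req: { method, headers } where header names are already lower-cased.
function corsPreflight(req, policy = POLICY) {
  // A denial carries no Access-Control-Allow-* headers, so the browser blocks the request.
  const deny = { status: 403, headers: { Vary: "Origin" } };
  const origin = req.headers["origin"];
  const wantMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || !origin || !wantMethod) return deny;

  // Exact string comparison: no substring, suffix or regex matching on the origin.
  if (!policy.origins.has(origin)) return deny;
  if (!policy.methods.includes(wantMethod)) return deny;

  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!wantHeaders.every((h) => policy.headers.includes(h))) return deny;

  const headers = {
    "Access-Control-Allow-Origin": origin, // echo the matched origin, never "*" with credentials
    "Access-Control-Allow-Methods": policy.methods.join(", "),
    "Access-Control-Allow-Headers": policy.headers.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
    Vary: "Origin", // keeps caches from reusing this response for another origin
  };
  if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { status: 204, headers };
}

// Constructed samples: the preflight from the slide, then a look-alike origin not on the list.
const ok = corsPreflight({ method: "OPTIONS", headers: {
  host: "example.com", origin: "http://sbdmn.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type" } });
const bad = corsPreflight({ method: "OPTIONS", headers: {
  origin: "http://sbdmn.example.com.other.test",
  "access-control-request-method": "GET" } });
console.log(ok.status, ok.headers["Access-Control-Allow-Origin"]);
console.log(bad.status, bad.headers["Access-Control-Allow-Origin"]);
```
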
Questions?