Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
86
1

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
180
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
160
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
130
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
770
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
870

Other Decks in Programming

See All in Programming
TypeScript+Orvalで実現する型安全かつ堅牢でスケーラブルなマルチチャネル通知基盤 / TSKaigi Night talks ~after conference~
Avatar for doriven d0riven
0
320
RTSPクライアントを自作してみた話
Avatar for simotin13 simotin13
0
520
生成AI時代にこそ効くGo | Why Go Works in the Age of Generative AI
Avatar for mom0tomo mom0tomo
8
3.2k
Observability in Practice:Grafana 與 Edge Device SRE 的那些事
Avatar for Blueswen blueswen
0
150
OSもどきOS
Avatar for Sora Arakawa arkw
0
480
ADKを使って簡単にAIエージェントを作ってみよう
Avatar for K1mu21 k1mu21
0
250
決定論的オーケストレーションの設計と実装 / Design and Implementation of Deterministic Orchestration
Avatar for nrs nrslib
3
1.3k
過去最大のMCPアップデート! 2026-07-28 RC版の謎に迫る
Avatar for matsukada licux
6
220
作って学ぶ、 JSX (TSX) ランタイムの基本
Avatar for syumai syumai
7
1.6k
Modding RubyKaigi for Myself
Avatar for yui-knk yui_knk
0
910
技術記事、AIに書かせるか、自分で書くか? 〜それでも私が自分の手で書く理由〜 / #QiitaConference
Avatar for Junichi Ito jnchito
2
1.3k
IBM Bobを活用したレガシーアプリの最新化
Avatar for Akira Onishi (IBM) oniak3ibm
PRO
1
190

Featured

See All Featured
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.6k
Claude Code どこまでも/ Claude Code Everywhere
Avatar for nwiizo nwiizo
65
56k
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
310
The agentic SEO stack - context over prompts
Avatar for schlessera schlessera
0
800
Unsuck your backbone
Avatar for Amy Palamountain ammeep
672
58k
AI: The stuff that nobody shows you
Avatar for John Nunemaker jnunemaker
PRO
8
700
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
850
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
Avatar for UX Y'all uxyall
0
310
Avoiding the “Bad Training, Faster” Trap in the Age of AI
Avatar for Mike Taylor tmiket
0
170
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
420
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
76
5.2k
Heart Work Chapter 1 - Part 1
Avatar for Lake Fama lfama
PRO
7
36k

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?