$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
76
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
150
Rails: The Good Parts
dimazhlobo
2
120
Ethereum Smart Contracts For Developers
dimazhlobo
0
110
Elasticsearch Introduction
dimazhlobo
0
740
Ruby Code Analisis
dimazhlobo
7
830
Other Decks in Programming
See All in Programming
SwiftUIで本格音ゲー実装してみた
hypebeans
0
420
LLMで複雑な検索条件アセットから脱却する!! 生成的検索インタフェースの設計論
po3rin
3
830
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
160
dotfiles 式年遷宮 令和最新版
masawada
1
790
これならできる!個人開発のすゝめ
tinykitten
PRO
0
110
20 years of Symfony, what's next?
fabpot
2
370
認証・認可の基本を学ぼう後編
kouyuume
0
240
チームをチームにするEM
hitode909
0
340
AIコードレビューがチームの"文脈"を 読めるようになるまで
marutaku
0
360
AIコーディングエージェント(Manus)
kondai24
0
190
LLM Çağında Backend Olmak: 10 Milyon Prompt'u Milisaniyede Sorgulamak
selcukusta
0
120
DevFest Android in Korea 2025 - 개발자 커뮤니티를 통해 얻는 가치
wisemuji
0
150
Featured
See All Featured
Unsuck your backbone
ammeep
671
58k
How GitHub (no longer) Works
holman
316
140k
4 Signs Your Business is Dying
shpigford
186
22k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.1k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.1k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.3k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
70k
Leading Effective Engineering Teams in the AI Era
addyosmani
9
1.3k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.3k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Art, The Web, and Tiny UX
lynnandtonic
304
21k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
hypebeans
po3rin
ivargrimstad
masawada
tinykitten
fabpot
kouyuume
hitode909
marutaku
kondai24
selcukusta
wisemuji
ammeep
holman
shpigford
tammyeverts
irinanazarova
eileencodes
soudai
addyosmani
tanoku
sergeychernyshev
malarkey
lynnandtonic
