Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Programming
Transcript
CORS Cross-origin resource sharing
Whitelist
• <script>
• <img>
• <iframe>
• <embed>
But XMLHttpRequest
XSS
Same origin
What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS
JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
Questions?