Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS Cross-origin resource sharing
Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json"></script>
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
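
The preflight exchange and header list above, as an added example that is not part of the original deck: a server-side function that decides which CORS response headers to send for a preflight. The policy values, the allowed request headers and the function name `preflightHeaders` are assumptions; the origin and methods mirror the slide's sample.

```javascript
// Added example: preflight decision for the OPTIONS exchange on the slides.
// POLICY is an assumption; origin and methods mirror the slide's sample headers.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"], // hypothetical allowed request headers
  credentials: true,
  maxAge: 600, // seconds; constructed value
};

// Returns the CORS response headers for a preflight, or null to send none
// (without them the browser refuses the cross-origin request).
function preflightHeaders(req, policy = POLICY) {
  const origin = req["origin"];
  // Exact string comparison: no substring or regex matching, no blind reflection.
  if (!origin || !policy.origins.has(origin)) return null;

  const method = (req["access-control-request-method"] || "").toUpperCase();
  if (!policy.methods.includes(method)) return null;

  const asked = (req["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!asked.every((h) => policy.headers.includes(h))) return null;

  const res = {
    // Echo the matched origin; "*" is not valid together with credentials.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": policy.methods.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
    "Vary": "Origin", // keeps caches from serving one origin's answer to another
  };
  if (asked.length) res["Access-Control-Allow-Headers"] = asked.join(", ");
  if (policy.credentials) res["Access-Control-Allow-Credentials"] = "true";
  return res;
}

// Constructed sample preflights (header names lower-cased, as Node.js delivers them).
const allowed = preflightHeaders({
  origin: "http://sbdmn.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type",
});
// A look-alike origin that only starts with the allowed one must get no headers.
const lookalike = preflightHeaders({
  origin: "http://sbdmn.example.com.example.net",
  "access-control-request-method": "GET",
});
console.log(allowed, lookalike);
```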
Questions?