Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS Cross-origin resource sharing
Whitelist
• <script>
• <img>
• <iframe>
• <embed>
But XMLHttpRequest
XSS
Same origin
What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS
JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
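
How a server can choose the response headers listed above from the request headers, as an added example that is not part of the original deck. The `corsHeaders` helper, the `POLICY` values and the sample request are assumptions constructed for illustration.

```javascript
// Constructed policy values (assumptions, not from the deck).
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]),
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"],
  expose: ["X-Request-Id"],
  credentials: true,
  maxAge: 600,
};

// req = { method, headers } with lower-cased header names.
// Returns the CORS response headers to attach (hypothetical helper).
function corsHeaders(req, policy = POLICY) {
  const out = { "Vary": "Origin" }; // keep caches from mixing origins
  const origin = req.headers["origin"];
  // Exact match only: no "*", no substring tests, no echoing unknown origins.
  if (!origin || !policy.origins.has(origin)) return out;

  const wantMethod = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wantMethod) {
    // Preflight: approve only what the policy lists.
    const wantHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
    if (!policy.methods.includes(wantMethod)) return out;
    if (!wantHeaders.every((n) => policy.headers.includes(n))) return out;
    out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
    out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
    out["Access-Control-Max-Age"] = String(policy.maxAge);
  } else {
    // Actual request: name the response headers scripts may read.
    out["Access-Control-Expose-Headers"] = policy.expose.join(", ");
  }
  out["Access-Control-Allow-Origin"] = origin;
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";
  return out;
}

// Constructed sample: a preflight shaped like the one on the slide above.
const preflight = {
  method: "OPTIONS",
  headers: { host: "example.com", origin: "http://sbdmn.example.com",
             "access-control-request-method": "POST",
             "access-control-request-headers": "Content-Type" },
};
console.log(corsHeaders(preflight));
```

An origin that is not in the allowlist gets no `Access-Control-Allow-Origin` header at all, so the browser refuses to hand the response to the calling script.
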
Questions?