Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
1
74

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015
Tweet

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
130
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
110
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
86
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
720
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
820

Other Decks in Programming

See All in Programming
たった 1 枚の PHP ファイルで実装する MCP サーバ / MCP Server with Vanilla PHP
Avatar for Shohei Okada okashoi
1
260
NPOでのDevinの活用
Avatar for みんなのコード codeforeveryone
0
840
スタートアップの急成長を支えるプラットフォームエンジニアリングと組織戦略
Avatar for Yusuke Suto sutochin26
1
5.9k
Discover Metal 4
Avatar for rei rei315
2
140
RailsGirls IZUMO スポンサーLT
Avatar for 16bit_idol 16bitidol
0
190
VS Code Update for GitHub Copilot
Avatar for 74th(Atsushi Morimoto) 74th
2
650
Flutterで備える!Accessibility Nutrition Labels完全ガイド
Avatar for 野瀬田 裕樹 yuukiw00w
0
160
GitHub Copilot and GitHub Codespaces Hands-on
Avatar for Kento.Yamada ymd65536
2
150
Webの外へ飛び出せ NativePHPが切り拓くPHPの未来
Avatar for Takuya Katsusa takuyakatsusa
2
560
Rails Frontend Evolution: It Was a Setup All Along
Avatar for Svyatoslav Kryukov skryukov
0
150
AI時代の『改訂新版 良いコード/悪いコードで学ぶ設計入門』 / ai-good-code-bad-code
Avatar for MinoDriven minodriven
15
6k
チームのテスト力を総合的に鍛えて品質、スピード、レジリエンスを共立させる/Testing approach that improves quality, speed, and resilience
Avatar for Hiroki Iseri goyoki
5
890

Featured

See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
126
53k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.4k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
1
430
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
42
7.4k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
10
960
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
233
17k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
234
140k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
22k

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?