Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
71
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
110
Rails: The Good Parts
dimazhlobo
2
83
Ethereum Smart Contracts For Developers
dimazhlobo
0
70
Elasticsearch Introduction
dimazhlobo
0
700
Ruby Code Analisis
dimazhlobo
7
790
Other Decks in Programming
See All in Programming
menu基盤チームによるGoogle Cloudの活用事例~Application Integration, Cloud Tasks編~
yoshifumi_ishikura
0
110
RWC 2024 DICOM & ISO/IEC 2022
m_seki
0
210
今年一番支援させていただいたのは認証系サービスでした
satoshi256kbyte
1
260
コンテナをたくさん詰め込んだシステムとランタイムの変化
makihiro
1
130
これでLambdaが不要に?!Step FunctionsのJSONata対応について
iwatatomoya
2
3.7k
良いユニットテストを書こう
mototakatsu
8
2.4k
「Chatwork」Android版アプリを 支える単体テストの現在
okuzawats
0
180
モバイルアプリにおける自動テストの導入戦略
ostk0069
0
110
htmxって知っていますか?次世代のHTML
hiro_ghap1
0
340
Zoneless Testing
rainerhahnekamp
0
120
rails statsで大解剖 🔍 “B/43流” のRailsの育て方を歴史とともに振り返ります
shoheimitani
2
930
わたしの星のままで一番星になる ~ 出産を機にSIerからEC事業会社に転職した話 ~
kimura_m_29
0
180
Featured
See All Featured
The Invisible Side of Design
smashingmag
298
50k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
Become a Pro
speakerdeck
PRO
26
5k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
Building a Scalable Design System with Sketch
lauravandoore
460
33k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
17
2.3k
Building Adaptive Systems
keathley
38
2.3k
How STYLIGHT went responsive
nonsquared
95
5.2k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?