Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript

CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers

Questions?