Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com
Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
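The preflight exchange and header list on the slides above, worked as an added example (not part of the original deck): a server-side function that decides how to answer an OPTIONS preflight. `POLICY`, `corsPreflight`, the allowed request headers and the max-age value are assumptions; the origin is the one shown on the slide.

```javascript
// Added example: server-side decision for a CORS preflight (OPTIONS) request.
// POLICY and corsPreflight are hypothetical names, not from the deck.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist (origin from the slide)
  methods: ["GET", "POST"],                       // methods from the slide
  headers: ["content-type", "x-requested-with"],  // assumed allowed request headers
  credentials: true,                              // assumed: cookies are allowed
  maxAge: 600,                                    // assumed: seconds a browser may cache the answer
};

// reqHeaders: object keyed by lower-cased header names (as Node's http module provides).
function corsPreflight(reqHeaders, policy = POLICY) {
  const origin = reqHeaders["origin"];
  const method = reqHeaders["access-control-request-method"];
  const wanted = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);

  // Vary: Origin keeps shared caches from replaying one origin's answer to another.
  // A denial carries no Access-Control-* headers, so the browser blocks the request.
  const denied = { status: 403, headers: { Vary: "Origin" } };

  // Compare the whole origin string. Prefix, suffix or regex checks tend to
  // accept look-alike hosts such as http://sbdmn.example.com.other.test.
  if (!origin || !policy.origins.has(origin)) return denied;
  if (!method || !policy.methods.includes(method)) return denied;
  if (!wanted.every((h) => policy.headers.includes(h))) return denied;

  const headers = {
    Vary: "Origin",
    "Access-Control-Allow-Origin": origin, // echoed only after the allowlist match
    "Access-Control-Allow-Methods": policy.methods.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
  };
  if (wanted.length) headers["Access-Control-Allow-Headers"] = wanted.join(", ");
  // Browsers reject credentialed responses that use "*", so the origin is explicit.
  if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { status: 204, headers };
}
```

Access-Control-Expose-Headers is left out because it applies to the actual response, not to the preflight.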
Questions?