Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Working with multiple domains
Search
Kristian PD
September 13, 2012
Programming
3
130
Working with multiple domains
Brief overview of many considerations related to dealing with multiple domains.
Kristian PD
September 13, 2012
Tweet
Share
More Decks by Kristian PD
See All by Kristian PD
batman.js state of the union
kristianpd
1
160
Other Decks in Programming
See All in Programming
SQLアンチパターン第2版 データベースプログラミングで陥りがちな失敗とその対策 / Intro to SQL Antipatterns 2nd
twada
PRO
27
8k
AWS Summit Japan 2024と2025の比較/はじめてのKiro、今あなたは岐路に立つ
satoshi256kbyte
1
250
中級グラフィックス入門~効率的なメッシュレット描画~
projectasura
2
1.3k
Claude Code派?Gemini CLI派? みんなで比較LT会!_20250716
junholee
1
690
Vibe Codingの幻想を超えて-生成AIを現場で使えるようにするまでの泥臭い話.ai
fumiyakume
18
9.2k
階層化自動テストで開発に機動力を
ickx
1
420
AIのメモリー
watany
11
950
No Install CMS戦略 〜 5年先を見据えたフロントエンド開発を考える / no_install_cms
rdlabo
0
190
リッチエディターを安全に開発・運用するために
unachang113
1
240
The Modern View Layer Rails Deserves: A Vision For 2025 And Beyond @ RailsConf 2025, Philadelphia, PA
marcoroth
2
790
Jakarta EE Meets AI
ivargrimstad
0
270
Porting a visionOS App to Android XR
akkeylab
0
910
Featured
See All Featured
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
1k
GraphQLとの向き合い方2022年版
quramy
49
14k
The Straight Up "How To Draw Better" Workshop
denniskardys
235
140k
Agile that works and the tools we love
rasmusluckow
329
21k
Music & Morning Musume
bryan
46
6.7k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Git: the NoSQL Database
bkeepers
PRO
431
65k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Practical Orchestrator
shlominoach
189
11k
A better future with KSS
kneath
238
17k
Transcript
WORKING WITH multiple DOMAINS Tuesday, 18 September, 12
What do we want to do? Tuesday, 18 September, 12
What do we want to do? track customers Tuesday, 18
September, 12
What do we want to do? track customers get external
content Tuesday, 18 September, 12
What do we want to do? track customers get external
content update data in realtime Tuesday, 18 September, 12
What can we use? Tuesday, 18 September, 12
What can we use? cookies Tuesday, 18 September, 12
What can we use? cookies pixels Tuesday, 18 September, 12
What can we use? cookies iframes pixels forms Tuesday, 18
September, 12
What can we use? cookies jsonp cors iframes pixels forms
Tuesday, 18 September, 12
can’t we all just get along? Tuesday, 18 September, 12
the internet is a mean place Tuesday, 18 September, 12
same origin policy Tuesday, 18 September, 12
http://shop.myshopify.com/admin Tuesday, 18 September, 12
http://shop.myshopify.com/admin protocol host (port) MUST MATCH Tuesday, 18 September, 12
it’s not that bad Tuesday, 18 September, 12
http != https Tuesday, 18 September, 12
http != https Tuesday, 18 September, 12
http != https Tuesday, 18 September, 12
http != https proxy Tuesday, 18 September, 12
<iframe> http != https Tuesday, 18 September, 12
<iframe> http != https http + https = Tuesday, 18
September, 12
<iframe> http != https http + https = https +
http = Tuesday, 18 September, 12
protocol independent URL http != https //shop.myshopify.com Tuesday, 18 September,
12
how can we use this? Tuesday, 18 September, 12
COOKIES Tuesday, 18 September, 12
Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; cookie data REVIEW Tuesday,
18 September, 12
Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; domain REVIEW Tuesday, 18
September, 12
Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; expiry REVIEW Tuesday, 18
September, 12
Set-Cookie: session_id=abc123; Domain=shop.myshopify.com; Path=/admin; Secure; HttpOnly https only REVIEW Tuesday,
18 September, 12
Set-Cookie: session_id=abc123; Domain=shop.myshopify.com; Path=/admin; Secure; HttpOnly no javascript REVIEW Tuesday,
18 September, 12
3rd party cookies Tuesday, 18 September, 12
3rd party cookies can be disabled Tuesday, 18 September, 12
<iframe> + <form> POST HACK Tuesday, 18 September, 12
cross-domain ...asynchronously Tuesday, 18 September, 12
JSONP JSON with Padding Tuesday, 18 September, 12
JSONP browser requests Tuesday, 18 September, 12
server renders JSON with Padding JSONP Tuesday, 18 September, 12
javascript is returned JSONP Tuesday, 18 September, 12
CORS Cross-origin-resource-sharing Tuesday, 18 September, 12
CORS Access-Control-Allow-Origin: https://shop.myshopify.com Tuesday, 18 September, 12
Access-Control-Allow-Headers: GET, POST, PUT, DELETE Content-Type: application/json CORS Access-Control-Allow-Origin: https://shop.myshopify.com
Tuesday, 18 September, 12
postMessage Tuesday, 18 September, 12
postMessage sending Tuesday, 18 September, 12
postMessage sending Reference to the other window Tuesday, 18 September,
12
postMessage sending Data you want to send Tuesday, 18 September,
12
postMessage sending Origin of the target window Tuesday, 18 September,
12
postMessage sending Origin of the target window be explicit, avoid
* Tuesday, 18 September, 12
postMessage receiving Tuesday, 18 September, 12
postMessage receiving be explicit, avoid * Tuesday, 18 September, 12
thanks Tuesday, 18 September, 12