Working with multiple domains

Transcript

1. WORKING WITH multiple DOMAINS Tuesday, 18 September, 12

2. What do we want to do? Tuesday, 18 September, 12

3. What do we want to do? track customers Tuesday, 18

   September, 12

4. What do we want to do? track customers get external

   content Tuesday, 18 September, 12

5. What do we want to do? track customers get external

   content update data in realtime Tuesday, 18 September, 12

6. What can we use? Tuesday, 18 September, 12

7. What can we use? cookies Tuesday, 18 September, 12

8. What can we use? cookies pixels Tuesday, 18 September, 12

9. What can we use? cookies iframes pixels forms Tuesday, 18

   September, 12

10. What can we use? cookies jsonp cors iframes pixels forms

    Tuesday, 18 September, 12

11. can’t we all just get along? Tuesday, 18 September, 12

12. the internet is a mean place Tuesday, 18 September, 12

13. same origin policy Tuesday, 18 September, 12

14. http://shop.myshopify.com/admin Tuesday, 18 September, 12

15. http://shop.myshopify.com/admin protocol host (port) MUST MATCH Tuesday, 18 September, 12

16. it’s not that bad Tuesday, 18 September, 12

17. http != https Tuesday, 18 September, 12

18. http != https Tuesday, 18 September, 12

19. http != https Tuesday, 18 September, 12

20. http != https proxy Tuesday, 18 September, 12

21. <iframe> http != https Tuesday, 18 September, 12

22. <iframe> http != https http + https = Tuesday, 18

    September, 12

23. <iframe> http != https http + https = https +

    http = Tuesday, 18 September, 12

24. protocol independent URL http != https //shop.myshopify.com Tuesday, 18 September,

    12

25. how can we use this? Tuesday, 18 September, 12

26. COOKIES Tuesday, 18 September, 12

27. Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; cookie data REVIEW Tuesday,

    18 September, 12

28. Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; domain REVIEW Tuesday, 18

    September, 12

29. Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; expiry REVIEW Tuesday, 18

    September, 12

30. Set-Cookie: session_id=abc123; Domain=shop.myshopify.com; Path=/admin; Secure; HttpOnly https only REVIEW Tuesday,

    18 September, 12

31. Set-Cookie: session_id=abc123; Domain=shop.myshopify.com; Path=/admin; Secure; HttpOnly no javascript REVIEW Tuesday,

    18 September, 12

32. 3rd party cookies Tuesday, 18 September, 12

33. 3rd party cookies can be disabled Tuesday, 18 September, 12

34. <iframe> + <form> POST HACK Tuesday, 18 September, 12

35. cross-domain ...asynchronously Tuesday, 18 September, 12

36. JSONP JSON with Padding Tuesday, 18 September, 12

37. JSONP browser requests Tuesday, 18 September, 12

38. server renders JSON with Padding JSONP Tuesday, 18 September, 12

39. javascript is returned JSONP Tuesday, 18 September, 12

40. CORS Cross-origin-resource-sharing Tuesday, 18 September, 12

41. CORS Access-Control-Allow-Origin: https://shop.myshopify.com Tuesday, 18 September, 12

42. Access-Control-Allow-Headers: GET, POST, PUT, DELETE Content-Type: application/json CORS Access-Control-Allow-Origin: https://shop.myshopify.com

    Tuesday, 18 September, 12

43. postMessage Tuesday, 18 September, 12

44. postMessage sending Tuesday, 18 September, 12

45. postMessage sending Reference to the other window Tuesday, 18 September,

    12

46. postMessage sending Data you want to send Tuesday, 18 September,

    12

47. postMessage sending Origin of the target window Tuesday, 18 September,

    12

48. postMessage sending Origin of the target window be explicit, avoid

    * Tuesday, 18 September, 12

49. postMessage receiving Tuesday, 18 September, 12

50. postMessage receiving be explicit, avoid * Tuesday, 18 September, 12

51. thanks Tuesday, 18 September, 12