Working with multiple domains

WORKING WITH multiple DOMAINS Tuesday, 18 September, 12

What do we want to do? Tuesday, 18 September, 12

What do we want to do? track customers Tuesday, 18
September, 12

What do we want to do? track customers get external
content Tuesday, 18 September, 12

What do we want to do? track customers get external
content update data in realtime Tuesday, 18 September, 12

What can we use? Tuesday, 18 September, 12

What can we use? cookies Tuesday, 18 September, 12

What can we use? cookies pixels Tuesday, 18 September, 12

What can we use? cookies iframes pixels forms Tuesday, 18
September, 12

What can we use? cookies jsonp cors iframes pixels forms
Tuesday, 18 September, 12

can’t we all just get along? Tuesday, 18 September, 12

the internet is a mean place Tuesday, 18 September, 12

same origin policy Tuesday, 18 September, 12

http://shop.myshopify.com/admin Tuesday, 18 September, 12

http://shop.myshopify.com/admin protocol host (port) MUST MATCH Tuesday, 18 September, 12

it’s not that bad Tuesday, 18 September, 12

http != https Tuesday, 18 September, 12

http != https proxy Tuesday, 18 September, 12

protocol independent URL http != https //shop.myshopify.com Tuesday, 18 September,
12

how can we use this? Tuesday, 18 September, 12

COOKIES Tuesday, 18 September, 12

Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; cookie data REVIEW Tuesday,
18 September, 12

Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; domain REVIEW Tuesday, 18
September, 12

Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; expiry REVIEW Tuesday, 18
September, 12

Set-Cookie: session_id=abc123; Domain=shop.myshopify.com; Path=/admin; Secure; HttpOnly https only REVIEW Tuesday,
18 September, 12

Set-Cookie: session_id=abc123; Domain=shop.myshopify.com; Path=/admin; Secure; HttpOnly no javascript REVIEW Tuesday,
18 September, 12

3rd party cookies Tuesday, 18 September, 12

3rd party cookies can be disabled Tuesday, 18 September, 12

cross-domain ...asynchronously Tuesday, 18 September, 12

JSONP JSON with Padding Tuesday, 18 September, 12

JSONP browser requests Tuesday, 18 September, 12

server renders JSON with Padding JSONP Tuesday, 18 September, 12

javascript is returned JSONP Tuesday, 18 September, 12

CORS Cross-origin-resource-sharing Tuesday, 18 September, 12

CORS Access-Control-Allow-Origin: https://shop.myshopify.com Tuesday, 18 September, 12

Access-Control-Allow-Headers: GET, POST, PUT, DELETE Content-Type: application/json CORS Access-Control-Allow-Origin: https://shop.myshopify.com
Tuesday, 18 September, 12

postMessage Tuesday, 18 September, 12

postMessage sending Tuesday, 18 September, 12

postMessage sending Reference to the other window Tuesday, 18 September,
12

postMessage sending Data you want to send Tuesday, 18 September,
12

postMessage sending Origin of the target window Tuesday, 18 September,
12

postMessage sending Origin of the target window be explicit, avoid
* Tuesday, 18 September, 12

postMessage receiving Tuesday, 18 September, 12

postMessage receiving be explicit, avoid * Tuesday, 18 September, 12

thanks Tuesday, 18 September, 12

Working with multiple domains

Working with multiple domains

More Decks by Kristian PD

Other Decks in Programming

Featured

Transcript