Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Working with multiple domains
Search
Kristian PD
September 13, 2012
Programming
130
3
Share
Working with multiple domains
Brief overview of many considerations related to dealing with multiple domains.
Kristian PD
September 13, 2012
More Decks by Kristian PD
See All by Kristian PD
batman.js state of the union
kristianpd
1
160
Other Decks in Programming
See All in Programming
横断組織出身のQAEがインプロセスQAEでつまずいたこと・活かせたこと
ty89
0
160
Firefoxにコントリビューションして得られた学び
ken7253
2
170
AlarmKitで明後日起きれるアラームアプリを作る
trickart
0
140
Spec-Driven Development with AI-Agents: From High-Level Requirements to Working Software
antonarhipov
1
160
AI駆動開発勉強会 広島支部 第一回勉強会 AI駆動開発概要とワークショップ
hayatoshimiu
0
240
TypeSpec で繋ぐ複数プロダクトの型安全
maroon8021
1
130
「なんか〇〇ライブラリで脆弱性あるみたいなんだけど。。。」から始める脆弱性対応 / First Steps in Vulnerability Response
mackey0225
2
130
iOS26時代の新規アプリ開発
yuukiw00w
0
150
サークル参加から学ぶ、小さな事業の回し方
yuzneri
0
210
Are We Really Coding 10× Faster with AI?
kohzas
0
200
20260514_its_the_context_window_stupid.pdf
heita
0
1k
権限チェックの一貫性を型で守る TypeScript による多層防御
mnch
2
200
Featured
See All Featured
Believing is Seeing
oripsolob
1
130
4 Signs Your Business is Dying
shpigford
187
22k
Large-scale JavaScript Application Architecture
addyosmani
515
110k
The Invisible Side of Design
smashingmag
302
52k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
61
44k
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
180
Site-Speed That Sticks
csswizardry
13
1.2k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
700
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
Art, The Web, and Tiny UX
lynnandtonic
304
21k
Paper Plane (Part 1)
katiecoart
PRO
0
7.6k
A better future with KSS
kneath
240
18k
Transcript
WORKING WITH multiple DOMAINS Tuesday, 18 September, 12
What do we want to do? Tuesday, 18 September, 12
What do we want to do? track customers Tuesday, 18
September, 12
What do we want to do? track customers get external
content Tuesday, 18 September, 12
What do we want to do? track customers get external
content update data in realtime Tuesday, 18 September, 12
What can we use? Tuesday, 18 September, 12
What can we use? cookies Tuesday, 18 September, 12
What can we use? cookies pixels Tuesday, 18 September, 12
What can we use? cookies iframes pixels forms Tuesday, 18
September, 12
What can we use? cookies jsonp cors iframes pixels forms
Tuesday, 18 September, 12
can’t we all just get along? Tuesday, 18 September, 12
the internet is a mean place Tuesday, 18 September, 12
same origin policy Tuesday, 18 September, 12
http://shop.myshopify.com/admin Tuesday, 18 September, 12
http://shop.myshopify.com/admin protocol host (port) MUST MATCH Tuesday, 18 September, 12
it’s not that bad Tuesday, 18 September, 12
http != https Tuesday, 18 September, 12
http != https Tuesday, 18 September, 12
http != https Tuesday, 18 September, 12
http != https proxy Tuesday, 18 September, 12
<iframe> http != https Tuesday, 18 September, 12
<iframe> http != https http + https = Tuesday, 18
September, 12
<iframe> http != https http + https = https +
http = Tuesday, 18 September, 12
protocol independent URL http != https //shop.myshopify.com Tuesday, 18 September,
12
how can we use this? Tuesday, 18 September, 12
COOKIES Tuesday, 18 September, 12
Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; cookie data REVIEW Tuesday,
18 September, 12
Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; domain REVIEW Tuesday, 18
September, 12
Set-Cookie: foo=bar; Domain=.myshopify.com; Path=/; Expires=Fri, 14-Sep-2020; expiry REVIEW Tuesday, 18
September, 12
Set-Cookie: session_id=abc123; Domain=shop.myshopify.com; Path=/admin; Secure; HttpOnly https only REVIEW Tuesday,
18 September, 12
Set-Cookie: session_id=abc123; Domain=shop.myshopify.com; Path=/admin; Secure; HttpOnly no javascript REVIEW Tuesday,
18 September, 12
3rd party cookies Tuesday, 18 September, 12
3rd party cookies can be disabled Tuesday, 18 September, 12
<iframe> + <form> POST HACK Tuesday, 18 September, 12
cross-domain ...asynchronously Tuesday, 18 September, 12
JSONP JSON with Padding Tuesday, 18 September, 12
JSONP browser requests Tuesday, 18 September, 12
server renders JSON with Padding JSONP Tuesday, 18 September, 12
javascript is returned JSONP Tuesday, 18 September, 12
CORS Cross-origin-resource-sharing Tuesday, 18 September, 12
CORS Access-Control-Allow-Origin: https://shop.myshopify.com Tuesday, 18 September, 12
Access-Control-Allow-Headers: GET, POST, PUT, DELETE Content-Type: application/json CORS Access-Control-Allow-Origin: https://shop.myshopify.com
Tuesday, 18 September, 12
postMessage Tuesday, 18 September, 12
postMessage sending Tuesday, 18 September, 12
postMessage sending Reference to the other window Tuesday, 18 September,
12
postMessage sending Data you want to send Tuesday, 18 September,
12
postMessage sending Origin of the target window Tuesday, 18 September,
12
postMessage sending Origin of the target window be explicit, avoid
* Tuesday, 18 September, 12
postMessage receiving Tuesday, 18 September, 12
postMessage receiving be explicit, avoid * Tuesday, 18 September, 12
thanks Tuesday, 18 September, 12
kristianpd
ty89
ken7253
trickart
antonarhipov
hayatoshimiu
maroon8021
mackey0225
yuukiw00w
yuzneri
kohzas
heita
mnch
oripsolob
shpigford
addyosmani
smashingmag
rkaga
codingconduct
csswizardry
kimpetersen
pedronauck
lynnandtonic
katiecoart
kneath
