Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
Questions?