Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Programming
Transcript
CORS Cross-origin resource sharing
Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json"></script>
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
Questions?