Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
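
The preflight exchange and header list above, as an added example that is not part of the original deck: a server-side function that checks Origin against an exact-match allowlist and builds the response headers. The names `POLICY` and `corsDecision`, and all policy values other than the slide's origin and methods, are assumptions.

```javascript
// Added example: server-side CORS decision for the exchange on the slides.
// POLICY and corsDecision() are hypothetical names, not from the deck.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type"], // assumed allowed request headers
  credentials: true,
  maxAge: 600, // seconds the browser may cache the preflight result
};

// req: { method, headers } with lower-cased header names (as Node provides).
// status null means "not a preflight": attach headers and run the normal handler.
function corsDecision(req, policy = POLICY) {
  const origin = req.headers["origin"];
  const out = { Vary: "Origin" }; // caches must key the response on Origin
  // No Origin, or not on the allowlist: emit no Access-Control-* headers,
  // so the browser refuses to expose the response to the calling page.
  if (!origin || !policy.origins.has(origin)) return { status: null, headers: out };

  // Echo the matched origin; "*" cannot be combined with credentials.
  out["Access-Control-Allow-Origin"] = origin;
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";

  const wantMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || !wantMethod) return { status: null, headers: out };

  // Preflight: check the requested method and headers against the policy.
  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = policy.methods.includes(wantMethod) &&
    wantHeaders.every((h) => policy.headers.includes(h));
  if (!ok) return { status: 403, headers: { Vary: "Origin" } };

  out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  if (wantHeaders.length) out["Access-Control-Allow-Headers"] = wantHeaders.join(", ");
  out["Access-Control-Max-Age"] = String(policy.maxAge);
  return { status: 204, headers: out };
}

// Constructed sample: the preflight from the slide, asking to send a POST.
const preflight = { method: "OPTIONS", headers: {
  host: "example.com", origin: "http://sbdmn.example.com",
  "access-control-request-method": "POST" } };
console.log(corsDecision(preflight));
```

The allowlist is compared as a whole string, so an origin that merely starts with or contains an allowed value gets no Access-Control-Allow-Origin header.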
Questions?