Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json"></script>
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
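
The preflight exchange and header list above, worked through as an added example that is not part of the original deck: a server-side function that decides which CORS response headers to send, echoing the origin only on an exact allowlist match. `POLICY`, `corsResponseHeaders` and the request object shape are assumptions made for illustration.

```javascript
// Added example: server-side CORS decision for the headers listed on the slides.
// POLICY and corsResponseHeaders are hypothetical names, not from the deck.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"],  // allowed request headers, lower-cased
  credentials: true,
  maxAge: 600,                                     // seconds a preflight may be cached
};

// req: { method, headers } with lower-cased header names (constructed shape).
// Returns the CORS response headers to add, or null when the request is refused.
function corsResponseHeaders(req, policy = POLICY) {
  const origin = req.headers["origin"];
  if (!origin) return {};                          // no Origin header: nothing to add
  // Echo the origin only on an exact allowlist hit; never reflect arbitrary
  // origins, and never pair "*" with credentials.
  if (!policy.origins.has(origin)) return null;

  const out = {
    "Access-Control-Allow-Origin": origin,
    "Vary": "Origin",                              // keep caches from mixing origins
  };
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";

  const wantMethod = req.headers["access-control-request-method"];
  const isPreflight = req.method === "OPTIONS" && wantMethod !== undefined;
  if (!isPreflight) return out;                    // actual request: done

  if (!policy.methods.includes(wantMethod)) return null;
  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!wantHeaders.every((h) => policy.headers.includes(h))) return null;

  out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  if (wantHeaders.length) out["Access-Control-Allow-Headers"] = wantHeaders.join(", ");
  out["Access-Control-Max-Age"] = String(policy.maxAge);
  return out;
}

// Constructed preflight matching the slide: OPTIONS /test.json from sbdmn.example.com
const preflight = {
  method: "OPTIONS",
  headers: { host: "example.com", origin: "http://sbdmn.example.com",
             "access-control-request-method": "POST",
             "access-control-request-headers": "Content-Type" },
};
console.log(corsResponseHeaders(preflight));
```
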
Questions?