Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Programming
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
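
An added example, not part of the original deck: how a server could turn the preflight request headers listed above into the response headers, using an exact-match origin allow-list. The `preflight` function, the `POLICY` object, the allowed request headers and the max-age value are assumptions made for illustration; the origin and methods are the ones on the slide.

```javascript
// Added example: server-side evaluation of a CORS preflight (OPTIONS) request.
// POLICY and preflight() are hypothetical names; header and max-age values are constructed.
const POLICY = {
  origins: new Set(['http://sbdmn.example.com']), // exact-match allow-list (origin from the slide)
  methods: ['GET', 'POST'],                       // methods from the slide
  headers: ['content-type', 'x-requested-with'],  // constructed sample values
  credentials: true,
  maxAge: 600,
};

// Takes request headers keyed by lower-cased name, returns { status, headers }.
function preflight(reqHeaders, policy = POLICY) {
  // Vary: Origin keeps shared caches from serving one origin's answer to another.
  const res = { status: 204, headers: { Vary: 'Origin' } };

  const origin = reqHeaders['origin'];
  // Exact comparison only: no substring or suffix matching, and the request's
  // Origin is never reflected unless it is on the allow-list.
  if (!origin || !policy.origins.has(origin)) return res; // no CORS headers: browser blocks

  const method = reqHeaders['access-control-request-method'];
  if (!method || !policy.methods.includes(method)) return res;

  const requested = (reqHeaders['access-control-request-headers'] || '')
    .split(',')
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  if (!requested.every((h) => policy.headers.includes(h))) return res;

  // A specific origin (never "*") is required when credentials are allowed.
  res.headers['Access-Control-Allow-Origin'] = origin;
  res.headers['Access-Control-Allow-Methods'] = policy.methods.join(', ');
  if (requested.length) {
    res.headers['Access-Control-Allow-Headers'] = requested.join(', ');
  }
  if (policy.credentials) {
    res.headers['Access-Control-Allow-Credentials'] = 'true';
  }
  res.headers['Access-Control-Max-Age'] = String(policy.maxAge);
  return res;
}
```

A response without `Access-Control-Allow-Origin` is what makes the browser refuse the cross-origin request, so every rejection path returns the bare response.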
Questions?