Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json"></script>
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
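
An added example, not part of the original slides: a server-side allowlist check that builds the response headers listed above from the request headers of a preflight and of the actual request. The origin and methods come from the OPTIONS slide; the function names, the allowed and exposed header names and the max age are assumptions made for illustration.

```javascript
// Constructed policy. Origin and methods are from the slide; the rest is assumed.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]),
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"], // assumed allowed request headers
  exposeHeaders: ["X-Request-Id"],                // assumed exposed response header
  credentials: true,
  maxAge: 600,                                    // seconds, assumed
};

// Build the response to an OPTIONS preflight from its lower-cased request headers.
function preflight(req, policy = POLICY) {
  const deny = { status: 403, headers: {} }; // no CORS headers: the browser blocks the call
  const origin = req["origin"];
  // Exact string match against the allowlist: no suffix or regex matching, no "*".
  if (!origin || !policy.origins.has(origin)) return deny;
  const method = req["access-control-request-method"];
  if (!method || !policy.methods.includes(method)) return deny;
  const wanted = (req["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!wanted.every((h) => policy.headers.includes(h))) return deny;
  const headers = {
    "Access-Control-Allow-Origin": origin, // echo only an origin that passed the allowlist
    "Access-Control-Allow-Methods": policy.methods.join(", "),
    "Access-Control-Allow-Headers": policy.headers.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
    "Vary": "Origin", // the response differs per origin, so caches must key on it
  };
  if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { status: 204, headers };
}

// CORS headers to attach to the actual (non-preflight) response.
function actualResponse(req, policy = POLICY) {
  const origin = req["origin"];
  if (!origin || !policy.origins.has(origin)) return {};
  const headers = {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Expose-Headers": policy.exposeHeaders.join(", "),
    "Vary": "Origin",
  };
  if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}
```

Because Access-Control-Allow-Credentials is sent, Access-Control-Allow-Origin has to be the exact requesting origin; browsers reject the wildcard for credentialed requests.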
Questions?