Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
1
78

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015
Tweet

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
160
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
140
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
120
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
750
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
850

Other Decks in Programming

See All in Programming
The Ralph Wiggum Loop: First Principles of Autonomous Development
Avatar for Ryuichiro Semba sembayui
0
3.7k
Go Conference mini in Sendai 2026 : Goに新機能を提案し実装されるまでのフロー徹底解説
Avatar for Takahito Yamatoya yamatoya
0
540
AI活用のコスパを最大化する方法
Avatar for Ochtum ochtum
0
130
maplibre-gl-layers - 地図に移動体たくさん表示したい
Avatar for Kouji Matsui kekyo
PRO
0
230
TROCCOで実現するkintone+BigQueryによるオペレーション改善
Avatar for shota sato ssxota
0
160
技術検証結果の整理と解析をAIに任せよう!
Avatar for Keisuke Ikeda keisukeikeda
0
110
Codex の「自走力」を高める
Avatar for yorifuji yorifuji
0
1.1k
S3ストレージクラスの「見える」「ある」「使える」は全部違う ─ 体験から見た、仕様の深淵を覗く
Avatar for ya_ma23 ya_ma23
0
150
go directiveを最新にしすぎないで欲しい話──あるいは、Go 1.26からgo mod initで作られるgo directiveの値が変わる話 / Go 1.26 リリースパーティ
Avatar for Arthur arthur1
2
520
CDIの誤解しがちな仕様とその対処TIPS
Avatar for futokiyo futokiyo
0
190
Cyrius ーLinux非依存にコンテナをネイティブ実行する専用OSー
Avatar for n4mlz n4mlz
0
110
Docコメントで始める簡単ガードレール
Avatar for Keisuke Ikeda keisukeikeda
1
110

Featured

See All Featured
Accessibility Awareness
Avatar for Sarah Abderemane sabderemane
0
74
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
16
1.9k
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
0
380
Google's AI Overviews - The New Search
Avatar for Barry Adams badams
0
930
エンジニアに許された特別な時間の終わり
Avatar for watany watany
106
240k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
1
69
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.3k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
Avatar for Dr. Kim W Petersen kimpetersen
PRO
1
630
Designing Powerful Visuals for Engaging Learning
Avatar for Mike Taylor tmiket
0
260
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
76
What does AI have to do with Human Rights?
Avatar for Per Axbom axbom
PRO
1
2k
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
2
820

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?