Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP • CORS
JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
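The preflight exchange and header list from the slides above, as an added example that is not part of the original deck: a server-side decision function that maps the request headers to the response headers. The names ALLOWED_ORIGINS, POLICY and preflightHeaders, the allowed request headers, the max-age value and the 403 status for refusals are assumptions made for illustration.

```javascript
// Added example (not from the slides). ALLOWED_ORIGINS, POLICY and
// preflightHeaders are hypothetical names; the values are constructed.
const ALLOWED_ORIGINS = new Set(["http://sbdmn.example.com"]);
const POLICY = {
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"],
  credentials: true,
  maxAge: 600, // seconds the browser may cache the preflight result
};

// Takes request headers keyed by lower-cased name, returns { status, headers }.
function preflightHeaders(req) {
  const origin = req["origin"];
  const method = req["access-control-request-method"];
  const wanted = (req["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);

  // A refusal carries no Access-Control-Allow-* headers, so the browser
  // blocks the real request. Vary: Origin keeps caches from mixing answers.
  const denied = { status: 403, headers: { Vary: "Origin" } };

  // Exact match against the allowlist. The Origin value is echoed only after
  // it matched, and "*" is never used because credentials are allowed.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return denied;
  if (!method || !POLICY.methods.includes(method)) return denied;
  if (!wanted.every((h) => POLICY.headers.includes(h))) return denied;

  const headers = {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": POLICY.methods.join(", "),
    "Access-Control-Max-Age": String(POLICY.maxAge),
    Vary: "Origin",
  };
  if (wanted.length) headers["Access-Control-Allow-Headers"] = wanted.join(", ");
  if (POLICY.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { status: 204, headers };
}

// Constructed sample: the OPTIONS /test.json preflight from the slide.
const sample = preflightHeaders({
  host: "example.com",
  origin: "http://sbdmn.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type",
});
console.log(sample.status, sample.headers);
```

Access-Control-Expose-Headers is left out because it applies to the response to the actual request, not to the preflight.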
Questions?