Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS Cross-origin resource sharing
Whitelist
• <script>
• <img>
• <iframe>
• <embed>
But XMLHttpRequest
XSS
Same origin
What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS
JSONP
<script src="http://otherdomain.com/test.json"></script>
callback({"how" : "it works"})
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
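Added example (not from the deck): a server-side function that turns the request headers listed above into the response headers listed above, using an exact-match origin allowlist. The function name corsResponse, the allowlists, the Max-Age value and the exposed header X-Request-Id are assumptions made for illustration.

```javascript
// Added example, not the author's code. Names and allowlist values are assumptions.
const ALLOWED_ORIGINS = new Set(["http://sbdmn.example.com"]); // origin from the slide
const ALLOWED_METHODS = ["GET", "POST"];                        // methods from the slide
const ALLOWED_HEADERS = ["content-type", "x-requested-with"];   // constructed

// Returns { status, headers } for the CORS part of a response.
// status is 204 or 403 for a preflight and null for an actual request.
function corsResponse(method, requestHeaders) {
  const req = {};
  for (const [k, v] of Object.entries(requestHeaders)) req[k.toLowerCase()] = v;

  const origin = req["origin"];
  const wantedMethod = req["access-control-request-method"];
  const preflight = method === "OPTIONS" && wantedMethod !== undefined;
  // Vary: Origin keeps caches from serving one origin's answer to another.
  const headers = { "Vary": "Origin" };

  // Exact-match allowlist: no substring or regex tests, no blind reflection.
  if (origin === undefined || !ALLOWED_ORIGINS.has(origin)) {
    return { status: preflight ? 403 : null, headers };
  }

  if (preflight) {
    const wantedHeaders = (req["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = ALLOWED_METHODS.includes(wantedMethod) &&
      wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h));
    if (!ok) return { status: 403, headers };
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    if (wantedHeaders.length > 0) {
      headers["Access-Control-Allow-Headers"] = wantedHeaders.join(", ");
    }
    headers["Access-Control-Max-Age"] = "600"; // seconds the browser may cache this
  } else {
    headers["Access-Control-Expose-Headers"] = "X-Request-Id"; // constructed
  }
  // Credentials are only sent back alongside one specific origin, never "*".
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  return { status: preflight ? 204 : null, headers };
}
```

A disallowed origin gets no Access-Control-Allow-Origin header at all, which is what makes the browser refuse to hand the response to the calling script.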
Questions?