Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
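
Added example (not part of the original deck): one way a server can answer the OPTIONS preflight from the slides, matching Origin against an exact allowlist and only then emitting the Access-Control-Allow-* headers. The POLICY values, the 403/204 status choices and the function names are assumptions made for illustration.

```javascript
// Server-side decision for a CORS preflight (OPTIONS) request.
// POLICY is constructed sample data; the origin is the one shown on the slide.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"],  // assumed allowed request headers
  credentials: true,
  maxAge: 600,                                    // seconds the browser may cache the answer
};

// Header names are case-insensitive; normalise them once.
function lower(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Returns { status, headers }. A refusal carries no Access-Control-* headers,
// so the browser does not send the real cross-origin request.
function preflight(requestHeaders, policy = POLICY) {
  const h = lower(requestHeaders);
  const deny = { status: 403, headers: { Vary: "Origin" } };

  const origin = h["origin"];
  // Exact string comparison: no substring, suffix or regex matching, and
  // never echo back an Origin that is not on the list.
  if (!origin || !policy.origins.has(origin)) return deny;

  // Method names are case-sensitive, so compare them as sent.
  if (!policy.methods.includes(h["access-control-request-method"])) return deny;

  const wanted = (h["access-control-request-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  if (!wanted.every((name) => policy.headers.includes(name))) return deny;

  const headers = {
    "Access-Control-Allow-Origin": origin, // one explicit origin, not "*"
    "Access-Control-Allow-Methods": policy.methods.join(", "),
    "Access-Control-Allow-Headers": policy.headers.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
    Vary: "Origin", // keeps caches from serving one origin's answer to another
  };
  // Browsers reject credentialed responses whose allowed origin is "*".
  if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { status: 204, headers };
}
```
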
Questions?