Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
1
74

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015
Tweet

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
130
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
110
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
86
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
720
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
820

Other Decks in Programming

See All in Programming
バイブコーディング超えてバイブデプロイ〜CloudflareMCPで実現する、未来のアプリケーションデリバリー〜
Avatar for azukiazusa azukiazusa1
2
590
Yes, You Can Work on Rails & any other Gem
Avatar for Kasper Timm Hansen kaspth
0
100
顧客の画像データをテラバイト単位で配信する 画像サーバを WebP にした際に起こった課題と その対応策 ~継続的な取り組みを添えて~
Avatar for Takuya TAKAHASHI takutakahashi
4
1.3k
MCPを使ってイベントソーシングのAIコーディングを効率化する / Streamlining Event Sourcing AI Coding with MCP
Avatar for Tomohisa Takaoka tomohisa
0
170
[SRE NEXT] 複雑なシステムにおけるUser Journey SLOの導入
Avatar for yakenji yakenji
0
160
副作用と戦う PHP リファクタリング ─ ドメインイベントでビジネスロジックを解きほぐす
Avatar for Takuma Kajikawa kajitack
2
220
20250708_JAWS_opscdk
Avatar for Takuya Yonezawa takuyay0ne
2
130
Rails Frontend Evolution: It Was a Setup All Along
Avatar for Svyatoslav Kryukov skryukov
0
290
生成AI時代のコンポーネントライブラリの作り方
Avatar for touyou touyou
1
290
スタートアップの急成長を支えるプラットフォームエンジニアリングと組織戦略
Avatar for Yusuke Suto sutochin26
1
7.4k
バイブスあるコーディングで ~PHP~ 便利ツールをつくるプラクティス
Avatar for uzulla uzulla
1
140
リバースエンジニアリング新時代へ!
GhidraとClaude DesktopをMCPで繋ぐ/findy202507
Avatar for @tkmru tkmru
3
1.1k

Featured

See All Featured
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
Writing Fast Ruby
Avatar for Erik Berlin sferik
628
62k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
50
5.5k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
431
65k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
1
460
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.4k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
10
710
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.8k

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?