Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
1
78

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015
Tweet

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
160
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
140
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
120
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
750
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
850

Other Decks in Programming

See All in Programming
Claude Codeログ基盤の構築
Avatar for giginet giginet
PRO
7
3.7k
Cyrius ーLinux非依存にコンテナをネイティブ実行する専用OSー
Avatar for n4mlz n4mlz
0
250
AI Assistants for Your Angular Solutions
Avatar for Manfred Steyer manfredsteyer
PRO
0
160
メッセージングを利用して時間的結合を分離しよう #phperkaigi
Avatar for Takuma Kajikawa kajitack
3
480
Feature Toggle は捨てやすく使おう
Avatar for gennei gennei
0
370
見せてもらおうか、 OpenSearchの性能とやらを!
Avatar for shunta ichikawa shunta27
1
150
Geminiをパートナーに神社DXシステムを個人開発した話(いなめぐDX 開発振り返り)
Avatar for T. Fujiba fujiba
0
120
生成 AI 時代のスナップショットテストってやつを見せてあげますよ(α版)
Avatar for ojun ojun9
0
310
最初からAWS CDKで技術検証してもいいんじゃない?
Avatar for アキキー | Akihisa Ikeda akihisaikeda
4
180
Fundamentals of Software Engineering In the Age of AI
Avatar for Dan Vega therealdanvega
2
300
今年もTECHSCOREブログを書き続けます!
Avatar for 平奥真一(ひらおくしんいち) hiraoku101
0
180
PHP でエミュレータを自作して Ubuntu を動かそう
Avatar for memory m3m0r7
PRO
2
150

Featured

See All Featured
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.8k
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
2
1.6k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
46
2.7k
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
Avatar for Mfonobong Umondia mfonobong
2
340
The Curious Case for Waylosing
Avatar for Cassini Nazir cassininazir
0
280
Claude Code のすすめ
Avatar for schroneko schroneko
67
220k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
62
53k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
1.8k
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
98
How to build an LLM SEO readiness audit: a practical framework
Avatar for Nick Samuel nmsamuel
1
700
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.8k

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?