Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS
Cross-origin resource sharing

Whitelist
• <script>
• <img>
• <iframe>
• <embed>

But XMLHttpRequest

XSS

Same origin

What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS

JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})

CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST

CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
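
The preflight exchange and the request/response header list above, as an added example that is not part of the original deck: a server-side function that maps the CORS request headers to the response headers. The `corsHeaders` name and every value in `POLICY` are assumptions for illustration; only the origin and methods mirror the sample exchange on the slide.

```javascript
// Added example: server-side CORS decision for one resource.
// POLICY values are assumptions; origin and methods mirror the slide's sample exchange.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allow-list
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"],  // compared lower-cased
  exposeHeaders: ["X-Request-Id"],
  credentials: true,
  maxAge: 600, // seconds a browser may cache the preflight result
};

// req: { method, headers } with lower-cased header names (as Node's http gives them).
// Returns the CORS response headers to add; an empty object means "not allowed".
function corsHeaders(req, policy = POLICY) {
  const origin = req.headers["origin"];
  // No Origin header: not a cross-origin request. Unknown origin: send nothing,
  // so the browser keeps the response away from the calling script.
  if (!origin || !policy.origins.has(origin)) return {};

  // Echo the matched origin instead of "*": browsers reject a wildcard when
  // credentials are allowed, and the echo only happens after the allow-list match.
  const out = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (policy.credentials) out["Access-Control-Allow-Credentials"] = "true";

  const wantedMethod = req.headers["access-control-request-method"];
  const isPreflight = req.method === "OPTIONS" && wantedMethod !== undefined;
  if (!isPreflight) {
    // Actual request: only say which response headers scripts may read.
    out["Access-Control-Expose-Headers"] = policy.exposeHeaders.join(", ");
    return out;
  }

  // Preflight: refuse if the announced method or any announced header is not allowed.
  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!policy.methods.includes(wantedMethod)) return {};
  if (!wantedHeaders.every((h) => policy.headers.includes(h))) return {};

  out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
  out["Access-Control-Max-Age"] = String(policy.maxAge);
  return out;
}
```
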
Questions?