Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS Cross-origin resource sharing
Whitelist
• <script>
• <img>
• <iframe>
• <embed>
But XMLHttpRequest
XSS
Same origin
What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS
JSONP
<script src="http://otherdomain.com/test.json"></script>
callback({"how" : "it works"})
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
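
The preflight exchange on the slides above, as an added example that is not from the original deck: a server-side decision function that checks Origin against an exact-match allowlist and builds the Access-Control-* response headers. The policy values, the request object shape and the function name preflightResponse are assumptions made for illustration.

```javascript
// Added example: decides the response to a CORS preflight (OPTIONS) request.
// POLICY is constructed from the slide's sample exchange; the allowed request
// headers, credentials flag and max-age are assumed values.
const POLICY = {
  origins: new Set(["http://sbdmn.example.com"]), // exact-match allowlist
  methods: ["GET", "POST"],
  headers: ["content-type", "x-requested-with"],
  credentials: true,
  maxAge: 600, // seconds the browser may cache the preflight answer
};

// req: { method, headers } with lower-cased header names (hypothetical shape).
function preflightResponse(req, policy = POLICY) {
  // Denied: no Access-Control-* headers, so the browser blocks the real request.
  const deny = { status: 403, headers: {} };
  const origin = req.headers["origin"];
  if (req.method !== "OPTIONS" || !origin) return deny;
  // Exact comparison only: no substring, suffix or regex matching on the origin.
  if (!policy.origins.has(origin)) return deny;

  const wantMethod = req.headers["access-control-request-method"];
  if (!wantMethod || !policy.methods.includes(wantMethod)) return deny;

  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!wantHeaders.every((h) => policy.headers.includes(h))) return deny;

  const headers = {
    // Echo the single matched origin; browsers reject "*" on credentialed requests.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": policy.methods.join(", "),
    "Access-Control-Max-Age": String(policy.maxAge),
    "Vary": "Origin", // keeps caches from reusing this answer for another origin
  };
  if (wantHeaders.length) headers["Access-Control-Allow-Headers"] = wantHeaders.join(", ");
  if (policy.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { status: 204, headers };
}

// Constructed sample requests: the slide's origin, and a lookalike that must fail.
const ok = preflightResponse({ method: "OPTIONS", headers: {
  origin: "http://sbdmn.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type" } });
const lookalike = preflightResponse({ method: "OPTIONS", headers: {
  origin: "http://sbdmn.example.com.other.test",
  "access-control-request-method": "POST" } });
console.log(ok.status, ok.headers, lookalike.status);
```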
Questions?