Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
74
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
140
Rails: The Good Parts
dimazhlobo
2
110
Ethereum Smart Contracts For Developers
dimazhlobo
0
93
Elasticsearch Introduction
dimazhlobo
0
730
Ruby Code Analisis
dimazhlobo
7
820
Other Decks in Programming
See All in Programming
Design Foundational Data Engineering Observability
sucitw
3
190
実用的なGOCACHEPROG実装をするために / golang.tokyo #40
mazrean
1
250
Compose Multiplatform × AI で作る、次世代アプリ開発支援ツールの設計と実装
thagikura
0
140
「手軽で便利」に潜む罠。 Popover API を WCAG 2.2の視点で安全に使うには
taitotnk
0
840
速いWebフレームワークを作る
yusukebe
5
1.7k
1から理解するWeb Push
dora1998
7
1.8k
時間軸から考えるTerraformを使う理由と留意点
fufuhu
15
4.6k
AI時代のUIはどこへ行く?
yusukebe
17
8.8k
Namespace and Its Future
tagomoris
6
700
Performance for Conversion! 分散トレーシングでボトルネックを 特定せよ
inetand
0
130
Navigating Dependency Injection with Metro
zacsweers
3
240
TDD 実践ミニトーク
contour_gara
1
290
Featured
See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
188
55k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
810
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
61k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
GraphQLの誤解/rethinking-graphql
sonatard
72
11k
For a Future-Friendly Web
brad_frost
180
9.9k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
What's in a price? How to price your products and services
michaelherold
246
12k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Designing for humans not robots
tammielis
253
25k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
sucitw
mazrean
thagikura
taitotnk
yusukebe
dora1998
fufuhu
tagomoris
inetand
zacsweers
contour_gara
soudai
denniskardys
tammyeverts
chriscoyier
lemiorhan
danielanewman
sonatard
brad_frost
aki_iinuma
michaelherold
aarron
tammielis
