Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Programming
Transcript
CORS Cross-origin resource sharing
Whitelist: elements that may load cross-origin resources
• <script>
• <img>
• <iframe>
• <embed>
But XMLHttpRequest: a script may only read responses from its own origin
XSS
Same origin: same scheme, host and port
What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS
JSONP
<script src="http://otherdomain.com/test.json">
Response body: callback({"how" : "it works"})
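The server side of the JSONP slide, as an added example that is not from the talk: the JSON is wrapped in a call to the client's callback, and the callback name is validated before it is written into what is, after all, executable script. The `?callback=` query parameter and the default name `callback` are assumptions.

```javascript
// Added example (not from the slides): building a JSONP response body.
// A JSONP endpoint returns JavaScript, so whatever it puts into the
// callback position is executed in the caller's page. Only an identifier
// (optionally dotted, e.g. "app.onData") is accepted; anything else is
// refused rather than echoed.
const CALLBACK_NAME = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

// callbackParam: value of the (assumed) ?callback= query parameter, or undefined.
// data: the JSON-serialisable payload.
// Returns the script text `callback({...})`; throws on an unsafe callback name.
function jsonpBody(callbackParam, data) {
  const name = callbackParam === undefined ? "callback" : callbackParam;
  if (!CALLBACK_NAME.test(name)) {
    throw new Error("invalid JSONP callback name");
  }
  // JSON is valid JavaScript except for U+2028/U+2029, which are line
  // terminators in JS source; escape them so the literal cannot break.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return name + "(" + json + ")";
}

// Constructed inputs matching the slide.
const SLIDE_DATA = { how: "it works" };

function slideResponse() {
  return jsonpBody(undefined, SLIDE_DATA);
}

// Constructed hostile callback value; returns true if it was refused.
function rejectsScriptInCallback() {
  try {
    jsonpBody("alert(document.cookie);//", SLIDE_DATA);
    return false;
  } catch (e) {
    return true;
  }
}
```

The response must also be served with `Content-Type: application/javascript` and never read back with `X-Content-Type-Options` disabled; JSONP only works for GET and gives the calling page full trust in the remote script, which is why the rest of the talk moves on to CORS.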
CORS
Request (preflight):
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com

Response:
Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
Request:
• Origin
• Access-Control-Request-Method
• Access-Control-Request-Headers

Response:
• Access-Control-Allow-Origin
• Access-Control-Allow-Credentials
• Access-Control-Expose-Headers
• Access-Control-Max-Age
• Access-Control-Allow-Methods
• Access-Control-Allow-Headers
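The server-side decision behind the preflight on the previous slide, as an added example that is not code from the talk. It applies an exact-match origin allowlist (the usual bug is `endsWith(".example.com")`, which a lookalike host defeats), answers the `Access-Control-Request-*` questions of a preflight, and sets `Vary: Origin` so caches do not hand one origin's answer to another. The allowlist, the allowed headers and the exposed header name are assumptions; the origin, path and methods are those on the slide.

```javascript
// Added example (not from the slides): computing CORS response headers.
// Assumed policy for example.com; http://sbdmn.example.com is the origin
// on the slide.
const ALLOWED_ORIGINS = new Set(["http://sbdmn.example.com"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "x-requested-with"]; // assumed
const EXPOSED_HEADERS = "X-Request-Id";                       // assumed
const MAX_AGE_SECONDS = 600;

// req: { method, url, headers } with lower-cased header names (as Node's
// http module delivers them). Returns the CORS headers to add, or null,
// meaning "send no Access-Control-* headers at all" (the browser then
// blocks the cross-origin read).
function corsHeadersFor(req) {
  const origin = req.headers["origin"];
  // Exact match only: no endsWith(), no regex, no reflecting the Origin.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;

  const headers = {
    // Echo the one matched origin. "*" is not permitted together with
    // Allow-Credentials, and would expose the response to every site.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };

  const askedMethod = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && askedMethod) {
    // Preflight: the browser asks whether method + headers are acceptable.
    if (!ALLOWED_METHODS.includes(askedMethod.toUpperCase())) return null;
    const askedHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    if (!askedHeaders.every((h) => ALLOWED_HEADERS.includes(h))) return null;
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    headers["Access-Control-Max-Age"] = String(MAX_AGE_SECONDS);
  } else {
    // Actual request: say which non-simple response headers JS may read.
    headers["Access-Control-Expose-Headers"] = EXPOSED_HEADERS;
  }
  return headers;
}

// Constructed requests. The first is the preflight from the slide.
const SLIDE_PREFLIGHT = {
  method: "OPTIONS",
  url: "/test.json",
  headers: {
    host: "example.com",
    origin: "http://sbdmn.example.com",
    "access-control-request-method": "POST",
    "access-control-request-headers": "Content-Type",
  },
};

// Lookalike origin that a suffix check would wrongly accept.
const LOOKALIKE_REQUEST = {
  method: "GET",
  url: "/test.json",
  headers: { host: "example.com", origin: "http://sbdmn.example.com.attacker.test" },
};

// Allowed origin asking for a method outside the policy.
const BAD_METHOD_PREFLIGHT = {
  method: "OPTIONS",
  url: "/test.json",
  headers: {
    host: "example.com",
    origin: "http://sbdmn.example.com",
    "access-control-request-method": "DELETE",
  },
};
```

A preflight that is refused should still get a plain `204` without CORS headers, not a `403` with them; the browser fails the request either way, and the absence of headers is what denies access. Note that the preflight on the slide lacked `Access-Control-Request-Method`; without it the browser would not have sent an `OPTIONS` at all.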
Questions?