Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Cross-origin resource sharing

Avatar for Dmitry Zhlobo Dmitry Zhlobo
July 02, 2015
Programming
1
76

Cross-origin resource sharing

Avatar for Dmitry Zhlobo

Dmitry Zhlobo

July 02, 2015
Tweet

More Decks by Dmitry Zhlobo

See All by Dmitry Zhlobo
Growing Rails Apps
Avatar for Dmitry Zhlobo dimazhlobo
1
150
Rails: The Good Parts
Avatar for Dmitry Zhlobo dimazhlobo
2
130
Ethereum Smart Contracts For Developers
Avatar for Dmitry Zhlobo dimazhlobo
0
110
Elasticsearch Introduction
Avatar for Dmitry Zhlobo dimazhlobo
0
740
Ruby Code Analisis
Avatar for Dmitry Zhlobo dimazhlobo
7
840

Other Decks in Programming

See All in Programming
Canon EOS R50 V と R5 Mark II 購入でみえてきた最近のデジイチ VR180 事情、そして VR180 静止画に活路を見出すまで
Avatar for kazuhiro hara karad
0
140
ゲームの物理 剛体編
Avatar for Fadis fadis
0
380
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
Avatar for MomokoShirakawa momok47
0
130
チームをチームにするEM
Avatar for hitode909 hitode909
0
400
SwiftUIで本格音ゲー実装してみた
Avatar for 蛋白(たんぱく・TANPACT) hypebeans
0
510
The Art of Re-Architecture - Droidcon India 2025
Avatar for Sid Patil siddroid
0
130
組み合わせ爆発にのまれない - 責務分割 x テスト
Avatar for HAL halhorn
1
160
AI前提で考えるiOSアプリのモダナイズ設計
Avatar for 野瀬田 裕樹 yuukiw00w
0
190
Implementation Patterns
Avatar for Denys Poltorak denyspoltorak
0
130
Cell-Based Architecture
Avatar for Luram Archanjo larchanjo
0
140
フルサイクルエンジニアリングをAI Agentで全自動化したい 〜構想と現在地〜
Avatar for Kaito Minatoya kamina_zzz
0
310
ローカルLLMを⽤いてコード補完を⾏う VSCode拡張機能を作ってみた
Avatar for NearMeの技術発表資料です nearme_tech
PRO
0
180

Featured

See All Featured
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6k
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
30k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
120
Groundhog Day: Seeking Process in Gaming for Health
Avatar for Sebastian Deterding codingconduct
0
67
AI in Enterprises - Java and Open Source to the Rescue
Avatar for ivargrimstad ivargrimstad
0
1.1k
Highjacked: Video Game Concept Design
Avatar for Ryan Kendrick rkendrick25
PRO
0
250
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
130
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.9k
It's Worth the Effort
Avatar for 3n 3n
187
29k
The B2B funnel & how to create a winning content strategy
Avatar for Katarina Dahlin katarinadahlin
PRO
0
190
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.2k
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
1
86

Transcript

  1. CORS Cross-origin resource sharing

  2. Whitelist • <script> • <img> • <iframe> • <embed>

  3. But XMLHttpRequest

  4. XSS

  5. Same origin

  6. What to do? • WebSockets • Cross-document messaging • JSONP

    • CORS

  7. JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})

  8. CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:

    GET, POST

  9. CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •

    Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers

  10. Questions?