Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Transcript
CORS Cross-origin resource sharing
Whitelist
• <script>
• <img>
• <iframe>
• <embed>
But XMLHttpRequest
XSS
Same origin
What to do?
• WebSockets
• Cross-document messaging
• JSONP
• CORS
JSONP
<script src="http://otherdomain.com/test.json">
callback({"how" : "it works"})
CORS
OPTIONS /test.json
Host: example.com
Origin: http://sbdmn.example.com
Access-Control-Allow-Origin: http://sbdmn.example.com
Access-Control-Allow-Methods: GET, POST
CORS
• Request:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
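An added example, not part of the original deck: how a server could decide the reply to the OPTIONS preflight shown above, using the request and response headers listed on the slides. The function name, the allowlists and the 403/204 status choices are assumptions made for illustration; the allowed origin is the one from the slide.

```javascript
// Added example: server-side decision for a CORS preflight (OPTIONS) request.
// ALLOWED_ORIGINS, ALLOWED_METHODS, ALLOWED_HEADERS and preflightResponse are
// hypothetical names; the allowed origin is the one shown on the slide.
const ALLOWED_ORIGINS = new Set(["http://sbdmn.example.com"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "x-requested-with"];

// Takes lower-cased request headers, returns { status, headers } for the reply.
function preflightResponse(req) {
  const origin = req["origin"];
  const method = req["access-control-request-method"];
  // Vary on Origin so a shared cache never serves one origin's answer to another.
  const headers = { "Vary": "Origin" };

  // Exact-match allowlist: no substring or regex matching, no blind reflection.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, headers };
  }
  if (!method || !ALLOWED_METHODS.includes(method)) {
    return { status: 403, headers };
  }
  // Every requested header must be allowlisted (header names are case-insensitive).
  const requested = (req["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!requested.every((h) => ALLOWED_HEADERS.includes(h))) {
    return { status: 403, headers };
  }

  headers["Access-Control-Allow-Origin"] = origin; // one origin, never "*" with credentials
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  if (requested.length) headers["Access-Control-Allow-Headers"] = requested.join(", ");
  headers["Access-Control-Allow-Credentials"] = "true";
  headers["Access-Control-Max-Age"] = "600"; // seconds the browser may cache this answer
  return { status: 204, headers };
}

// Constructed sample requests (not captured traffic).
const ok = preflightResponse({
  "origin": "http://sbdmn.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "Content-Type",
});
const lookalike = preflightResponse({
  "origin": "http://sbdmn.example.com.example.net",
  "access-control-request-method": "GET",
});
console.log(ok.status, ok.headers);
console.log(lookalike.status, lookalike.headers);
```

A rejected preflight carries no Access-Control-Allow-* headers, so the browser blocks the actual request regardless of the status code chosen.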
Questions?