Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Dmitry Zhlobo
July 02, 2015
Programming
1
77
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
160
Rails: The Good Parts
dimazhlobo
2
130
Ethereum Smart Contracts For Developers
dimazhlobo
0
110
Elasticsearch Introduction
dimazhlobo
0
750
Ruby Code Analisis
dimazhlobo
7
840
Other Decks in Programming
See All in Programming
「ブロックテーマでは再現できない」は本当か?
inc2734
0
1.1k
組織で育むオブザーバビリティ
ryota_hnk
0
180
[KNOTS 2026登壇資料]AIで拡張‧交差する プロダクト開発のプロセス および携わるメンバーの役割
hisatake
0
320
プロダクトオーナーから見たSOC2 _SOC2ゆるミートアップ#2
kekekenta
0
250
humanlayerのブログから学ぶ、良いCLAUDE.mdの書き方
tsukamoto1783
0
200
Claude Codeと2つの巻き戻し戦略 / Two Rewind Strategies with Claude Code
fruitriin
0
170
AI & Enginnering
codelynx
0
140
atmaCup #23でAIコーディングを活用した話
ml_bear
3
510
並行開発のためのコードレビュー
miyukiw
2
1.7k
Python’s True Superpower
hynek
0
170
生成AIを活用したソフトウェア開発ライフサイクル変革の現在値
hiroyukimori
PRO
0
120
JPUG勉強会 OSSデータベースの内部構造を理解しよう
oga5
2
190
Featured
See All Featured
Claude Code のすすめ
schroneko
67
210k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
Docker and Python
trallard
47
3.7k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8.7k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
1
3.4k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.1k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
120
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
160
Why Our Code Smells
bkeepers
PRO
340
58k
Context Engineering - Making Every Token Count
addyosmani
9
670
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
1
1.9k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
inc2734
ryota_hnk
hisatake
kekekenta
tsukamoto1783
fruitriin
codelynx
ml_bear
miyukiw
hynek
hiroyukimori
oga5
schroneko
morganepeng
trallard
aleyda
katarinadahlin
garrettdimon
techseoconnect
nikkihalliwell
bkeepers
addyosmani
