Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
88
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
180
Rails: The Good Parts
dimazhlobo
2
160
Ethereum Smart Contracts For Developers
dimazhlobo
0
130
Elasticsearch Introduction
dimazhlobo
0
770
Ruby Code Analisis
dimazhlobo
7
870
Other Decks in Programming
See All in Programming
キャリア迷子上等 ─ "ない道"は自分で作ればいい
16bitidol
3
2.8k
鹿野さんに聞く!『TypeScriptコードレシピ集』で磨く実践力
tonkotsuboy_com
4
1k
Dataformのリポジトリを立ち上げるときにまずやること / dataform-day0-2026
snhryt
0
210
「AIで開発し、AIを届ける」をEvalでつなぐ 〜AIネイティブに始めるプロダクト開発の実践〜 / Connecting "Develop with AI, deliver AI" with Eval
rkaga
4
5.7k
【やさしく解説 設計編・中級 #1】一つの車に、運転手は一人 ~ある倉庫システムの事例から~
panda728
PRO
0
120
20260623_Loop Engineeringで自分の分身の問い合わせBotを作る
ryugen04
0
180
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.7k
【SRE NEXT 2026 Lunch Session】一人目専任SREの立ち上げを加速する ― AIと進めたオンボーディングで2分を0.04秒にした話
pkshadeck
PRO
0
1.7k
Developing with AI Agents — Codex, Claude Code & Cowork Practical Guide
x5gtrn
PRO
0
1.3k
初めてのKubernetes 本番運用でハマった話
oku053
0
120
過去最大のMCPアップデート! 2026-07-28 RC版の謎に迫る
licux
6
460
Skillsは効率化、Agentsは"自分の拡張"——Builder時代のエージェント編成(CC Night 2026)
wemra
1
200
Featured
See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
630
Introduction to Domain-Driven Design and Collaborative software design
baasie
1
890
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
123
22k
Become a Pro
speakerdeck
PRO
31
6k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
390
Color Theory Basics | Prateek | Gurzu
gurzu
0
380
Large-scale JavaScript Application Architecture
addyosmani
515
110k
Getting science done with accelerated Python computing platforms
jacobtomlinson
2
260
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
52
6k
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.6k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?