Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cross-origin resource sharing
Search
Dmitry Zhlobo
July 02, 2015
Programming
1
72
Cross-origin resource sharing
Dmitry Zhlobo
July 02, 2015
Tweet
Share
More Decks by Dmitry Zhlobo
See All by Dmitry Zhlobo
Growing Rails Apps
dimazhlobo
1
110
Rails: The Good Parts
dimazhlobo
2
87
Ethereum Smart Contracts For Developers
dimazhlobo
0
70
Elasticsearch Introduction
dimazhlobo
0
700
Ruby Code Analisis
dimazhlobo
7
800
Other Decks in Programming
See All in Programming
shadcn/uiを使ってReactでの開発を加速させよう!
lef237
0
300
PHPUnitしか使ってこなかった 一般PHPerがPestに乗り換えた実録
mashirou1234
0
430
Jaspr Dart Web Framework 박제창 @Devfest 2024
itsmedreamwalker
0
150
PHPで作るWebSocketサーバー ~リアクティブなアプリケーションを知るために~ / WebSocket Server in PHP - To know reactive applications
seike460
PRO
2
770
AHC041解説
terryu16
0
420
ある日突然あなたが管理しているサーバーにDDoSが来たらどうなるでしょう?知ってるようで何も知らなかったDDoS攻撃と対策 #phpcon.2024
akase244
2
7.7k
「とりあえず動く」コードはよい、「読みやすい」コードはもっとよい / Code that 'just works' is good, but code that is 'readable' is even better.
mkmk884
6
1.4k
functionalなアプローチで動的要素を排除する
ryopeko
1
250
DMMオンラインサロンアプリのSwift化
hayatan
0
190
Fibonacci Function Gallery - Part 2
philipschwarz
PRO
0
210
ecspresso, ecschedule, lambroll を PipeCDプラグインとして動かしてみた (プロトタイプ) / Running ecspresso, ecschedule, and lambroll as PipeCD Plugins (prototype)
tkikuc
2
1.9k
React 19でお手軽にCSS-in-JSを自作する
yukukotani
5
570
Featured
See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
52k
Designing for humans not robots
tammielis
250
25k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
120k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
It's Worth the Effort
3n
183
28k
Keith and Marios Guide to Fast Websites
keithpitt
410
22k
How STYLIGHT went responsive
nonsquared
96
5.3k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Documentation Writing (for coders)
carmenintech
67
4.5k
Transcript
CORS Cross-origin resource sharing
Whitelist • <script> • <img> • <iframe> • <embed>
But XMLHttpRequest
XSS
Same origin
What to do? • WebSockets • Cross-document messaging • JSONP
• CORS
JSONP <script src=“http://otherdomain.com/test.json"> callback({"how" : "it works"})
CORS OPTIONS /test.json Host: example.com Origin: http://sbdmn.example.com Access-Control-Allow-Origin: http://sbdmn.example.com Access-Control-Allow-Methods:
GET, POST
CORS • Request: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers •
Response: • Access-Control-Allow-Origin • Access-Control-Allow-Credentials • Access-Control-Expose-Headers • Access-Control-Max-Age • Access-Control-Allow-Methods • Access-Control-Allow-Headers
Questions?
dimazhlobo
lef237
mashirou1234
itsmedreamwalker
seike460
terryu16
akase244
mkmk884
ryopeko
hayatan
philipschwarz
tkikuc
yukukotani
philnash
tanoku
destraynor
tammielis
pedronauck
cassininazir
jlugia
3n
keithpitt
nonsquared
marcelosomers
carmenintech
