Cross Origin Communication (CORS)
unlocking the secrets
don't make cross-origin requests
Protection for server
Protection for clients
Netscape days - 1999?
RFC 6454
All browsers: javascript * java * flash
There's IE, and then there's everyone else...
- `<script src="..."/>`
- `<img/video src="..."/>`
- `<a href="..."/>`
- form submission
- iframe embedded pages
Javascript cannot be used to access most iframe properties/content
e.g.: banking app w/ ads
HTML5 Web Messaging (window.postMessage)
Web Messaging (traditional endpoint)
303 redirect (S3 endpoint)
Javascript access to properties, and the ability to export.
e.g. modifying an image & caching it
1. crossorigin attribute & Access-Control-Allow-Origin header (CORS)
2. Proxying
*Browsers will simply not send any cross-origin request
e.g. mini-stackoverflow
CORS spec
JSONP
Allows for cross-origin ajax requests:
- servers must opt-in
- full support in all modern browsers
- IE9/8 have partial support
- no support for IE7 & older
XMLHttpRequest
- methods: GET, POST, HEAD
- headers: Accept, Accept-Language, Content-Language, Content-Type
- Content-Type: text/plain, application/x-www-form-urlencoded, multipart/form-data
- request includes an Origin header
- response must include an Access-Control-Allow-Origin header
- response optionally includes Access-Control-Expose-Headers
XDomainRequest IE8-9
- methods: GET, POST, HEAD
- cannot send ANY headers!
- request includes an Origin header
- response must include an Access-Control-Allow-Origin header
- no access to response headers
- no access to response status
browser-preflighted XMLHttpRequest
- methods: DELETE, PUT or GET/POST w/ non-simple headers or Content-Type
- browser "preflights" request (OPTIONS) w/ Origin, Access-Control-Request-Method, & Access-Control-Request-Headers headers
- server must respond with Access-Control-Allow-Origin, Access-Control-Allow-Methods, & Access-Control-Allow-Headers headers
- browser then sends the original request w/ Origin header
- server must respond w/ Access-Control-Allow-Origin header
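The preflight exchange listed above, as an added example that is not part of the original slides: `needsPreflight` applies the slides' simple-method, simple-header and Content-Type lists to the headers a script sets, and `preflightResponse` builds the server's reply to the OPTIONS request. Both function names, the origin allowlist and the allowed method and header lists are assumptions made for illustration.

```javascript
// Added example: the "simple" lists are the ones given on the XMLHttpRequest slide.
const SIMPLE_METHODS = new Set(["GET", "POST", "HEAD"]);
const SIMPLE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "text/plain", "application/x-www-form-urlencoded", "multipart/form-data",
]);

// Constructed server policy; a real service would load its own trusted values.
const ALLOWED_ORIGINS = new Set(["https://app.example"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE"];
const ALLOWED_HEADERS = ["content-type", "x-requested-with"];

// Browser side: true when an OPTIONS preflight must precede the request.
// `headers` holds only the headers the script itself sets.
function needsPreflight(method, headers) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(key)) return true;
    if (key === "content-type") {
      const type = value.split(";")[0].trim().toLowerCase();
      if (!SIMPLE_CONTENT_TYPES.has(type)) return true;
    }
  }
  return false;
}

// Server side: answer the preflight. Returns null to refuse, in which case no
// CORS headers are sent and the browser never issues the original request.
function preflightResponse(reqHeaders) {
  const origin = reqHeaders["origin"];
  const method = (reqHeaders["access-control-request-method"] || "").toUpperCase();
  const wanted = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_ORIGINS.has(origin)) return null;
  if (!ALLOWED_METHODS.includes(method)) return null;
  if (!wanted.every((h) => ALLOWED_HEADERS.includes(h))) return null;
  return {
    "Access-Control-Allow-Origin": origin, // echo only an allowlisted origin
    "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
    "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
    "Vary": "Origin", // keep caches from reusing one origin's answer for another
  };
}
```

The response to the original request that follows must carry `Access-Control-Allow-Origin` again, checked against the same allowlist.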
Not supported, but workarounds available for some cases:
- DELETE/PUT method -> POST w/ _method param
XDomain iframe library