Cross Origin Resource Sharing

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the resource originated. A web page may freely embed images, stylesheets, scripts, iframes, videos and some plugin content (such as Adobe Flash) from any other domain. However, embedded web fonts and AJAX (XMLHttpRequest) requests have traditionally been limited to accessing the same domain as the parent web page (as per the same-origin security policy). "Cross-domain" AJAX requests are forbidden by default because of their ability to perform advanced requests (POST, PUT, DELETE and other types of HTTP requests, along with specifying custom HTTP headers) that introduce many cross-site scripting security issues. CORS defines a way in which a browser and server can interact to determine safely whether or not to allow the cross-origin request. It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests. It is a recommended standard of the W3C.
  • 1. Cross Origin Resource Sharing (CORS), Chathura Weerasooriya, 27/04/2016
  • 2. How does Origin differ
      • Absolute URI => {protocol, host, port}
  • 3. Same Origin Policy
      • Netscape Navigator 2 in 1995
  • 4. Why Same Origin Policy?
      • can read DOM values from the opened in another tab.
      • can read DOM values from the opened in another tab
      • For a bank account?
  • 5. Because of this,
      • An origin is permitted to send data to another origin, but not to read from it.
      • Cross origin writes: permitted. Ex: redirects, links, form actions
      • Cross origin embedding: permitted. Ex: HTML tags with src/href
      • Cross origin reads: restricted!
  • 6. Why Cross Origin?
  • 7. JSON-P
      • JSON: {"age": 42}
      • JSONP: callback({"age": 42});
      • Controller should be changed to return a value as the JSONP type
  • 8. Browser support for CORS
  • 9. CORS
  • 10. CORS
      • One way: web.config file
      • Windows Azure has a nice way of doing that
  • 11. References
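
The browser and server interaction described in the summary, together with the {protocol, host, port} origin comparison from slide 2, can be sketched as follows. This is an added example, not code from the slides; the policy object, the function names and the sample request are constructed for illustration.

```javascript
// Added example; the allowlist, names and sample requests are constructed.

// An origin is the tuple {protocol, host, port}. URL.origin serializes it
// and drops the default port, so the path never takes part in the comparison.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Hypothetical server policy: which origins may read responses, and with
// which methods and request headers.
const POLICY = {
  origins: new Set(["https://app.example.com"]),
  methods: ["GET", "POST", "PUT"],
  headers: ["content-type", "x-requested-with"],
};

// Returns the CORS response headers for a request, or null to send none,
// in which case the browser refuses to hand the response to the page.
function corsHeaders(req, policy = POLICY) {
  const origin = req.headers["origin"];
  // Exact match against the allowlist: no substring or suffix tests, and no
  // echoing back an Origin that has not been checked.
  if (!origin || !policy.origins.has(origin)) return null;
  const out = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };

  const wantMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || !wantMethod) return out; // actual request

  // Preflight: the browser asks before sending PUT, DELETE or custom headers.
  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!policy.methods.includes(wantMethod)) return null;
  if (!wantHeaders.every((h) => policy.headers.includes(h))) return null;
  out["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  out["Access-Control-Allow-Headers"] = policy.headers.join(", ");
  return out;
}

// Constructed preflight, as a browser would send it ahead of a cross-origin PUT.
const preflight = {
  method: "OPTIONS",
  headers: {
    "origin": "https://app.example.com",
    "access-control-request-method": "PUT",
    "access-control-request-headers": "Content-Type",
  },
};
console.log(sameOrigin("https://app.example.com/a", "https://app.example.com:443/b"));
console.log(corsHeaders(preflight));
```

A request from an origin that is not on the list, or a preflight for a method the policy omits, gets no CORS headers at all, which is what keeps cross-origin reads restricted by default.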