CORS Essentials.
Share code and assets across domains in Web applications with CORS. About This Book: * A step-by-step guide but at a high level/fast pace. Not all steps are covered as a basic knowledge is assumed. * Provides a basic overview of the concepts but the focus is on providing the practical skills required to d...
| Classification: | Electronic book |
|---|---|
| Main author: | |
| Format: | Electronic eBook |
| Language: | English |
| Published: | Packt Publishing, 2017. |
| Subjects: | |
| Online access: | Full text |
Table of Contents:
- Cover; Copyright; Credits; About the Authors; www.PacktPub.com; Customer Feedback; Table of Contents; Preface
- Chapter 1: Why You Need CORS; The same-origin policy; Considering the origin of entities; Internet Explorer exception policy; Commonly allowed cross-origin resource sharing; DOM elements allowed for cross-origin sharing; Allowing cross-origin sharing in WebSockets; Limited cross-origin JavaScript API access; Permissions required by JavaScript; JavaScript data storage access is strictly limited by origin; How CORS works - the header and the request; The CORS header; Example 1 - CORS request with JavaScript; Passing a request to a utility function; Example 2: the CORS transaction to retrieve the title tag; Distributing DOM elements to multiple domains; Putting it all together; Securing when all domains are whitelisted; Methods to add security when a CORS header whitelists all domains; Simple CORS request methods; CORS with Preflight; Triggering a preflight by setting a custom header; The preflight request; The preflight response; CORS via jQuery; Known issues with CORS preflight; Preflight in Firefox; Preflight in Chrome; Preflight in Internet Explorer; Non-simple CORS request methods and headers require preflight; Checking for the withCredentials property; Troubleshooting and debugging CORS; Browser support for crossorigin attribute in the tag; CORS with jQuery; jQuery CORS AJAX plugin; Enabling CORS globally with server configuration; Alternatives to CORS; Example of JSON-P; Using JSON-P - limitations and risks; Proposed JSON-P validation standard; WebSocket; WebSocket handshakes; WebSocket and cross-domain resource sharing; Risks of using WebSocket for cross-domain resource sharing; The window.postMessage method; PostMessage risks and security measures; Summary
- Chapter 2: Creating Proxies for CORS; Proxies and the World Wide Web; What is a proxy server?; Reasons to use a proxy; Avoid mixing up protocols; Some API platforms require proxies or CORS; Getting through a local network firewall; Types of proxy server; Creating a proxy server with Google App Engine; Reverse proxy server; Reverse proxy server with Apache VirtualHost and .htaccess; Reverse proxy server in node.js; Summary
- Chapter 3: Usability and Security; CORS usability; Browser support for CORS; Detecting AJAX support in the browser; Using preflight for non-simple CORS requests; The HTTP request headers; HTTP response headers; Enhancing security in CORS; Limiting access when using the Access-Control-Allow-Origin, * wildcard; Trusting the HTTP_ORIGIN header is not recommended; Requests with credentials; CORS security cheat sheet by OWASP; Summary
- Chapter 4: CORS in Popular Content Management Frameworks; Incoming CORS requests; SAAS or self-hosted?; CORS in WordPress; Limited support for CORS in SAAS WordPress.com; Unauthenticated GET requests to WordPress.com; Authenticated requests to WordPress.com.