eBook - ePub

CORS Essentials

Name: CORS Essentials
Author: Rajesh Gunasundaram, Randall Goya

Rajesh Gunasundaram, Randall Goya

Share book

144 pages
English
ePUB (mobile friendly)
Available on iOS & Android

eBook - ePub

CORS Essentials

Rajesh Gunasundaram, Randall Goya

Book details

Book preview

Table of contents

Citations

About This Book

Share code and assets across domains in Web applications with CORSAbout This Book• A step-by-step guide but at a high level/fast pace. Not all steps are covered as a basic knowledge is assumed• Provides a basic overview of the concepts but the focus is on providing the practical skills required to develop applications• Focuses on providing practical examplesWho This Book Is ForWeb developers have been limited by the Same Origin Policy and often wish they could spread their application across different domains. You know JavaScript and AJAX, and have run up against the Same Domain Policy, which is limiting your applications.What You Will Learn• Why you need CORS: Bending the Same Origin Policy and basic CORS implementation, headers and XMLHttpRequest• Creating proxies for CORS: Sometimes the header is not enough• Security: vulnerabilities and how to secure your CORS application• CORS implementations in Content Management systems• Learn about CORS in Windows applications• Take CORS on the Cloud• Apply CORS in Node.js• Best practices for CORSIn DetailThis book explains how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS Server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It examines limitations, security risks, and alternatives to CORS. It explores the W3C Specification and major developer documentation sources about CORS. It attempts to predict what kinds of extension to the CORS specification, or completely new techniques, will come in the future to address the limitations of CORSWeb developers will learn how to share code and assets across domains with CORS. They will learn a variety of techniques that are rather similar in their method and syntax. The book is organized by similar types of framework and application, so it can be used as a reference. Developers will learn about special cases, such as when a proxy is necessary. And they will learn about some alternative techniques that achieve similar goals, and when they may be preferable to using CORSStyle and approachA step-by-step guide filled with real-world applications

Frequently asked questions

How do I cancel my subscription?

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.

Can/how do I download books?

At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.

What is the difference between the pricing plans?

Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.

What is Perlego?

We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.

Do you support text-to-speech?

Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.

Is CORS Essentials an online PDF/ePUB?

Yes, you can access CORS Essentials by Rajesh Gunasundaram, Randall Goya in PDF and/or ePUB format, as well as other popular books in Computer Science & Content Management Systems. We have over one million books available in our catalogue for you to explore.

Information

Publisher

Packt Publishing

Year

2017

ISBN

9781784391119

Edition

Topic

Computer Science

Subtopic

Content Management Systems

Index

Computer Science

CORS Essentials

Credits

About the Authors

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Why You Need CORS

The same-origin policy

Considering the origin of entities

Internet Explorer exception policy

Commonly allowed cross-origin resource sharing

DOM elements allowed for cross-origin sharing

Allowing cross-origin sharing in WebSockets

Limited cross-origin JavaScript API access

Permissions required by JavaScript

JavaScript data storage access is strictly limited by origin

How CORS works – the header and the request

The CORS header

Example 1 – CORS request with JavaScript

Passing a request to a utility function

Example 2: the CORS transaction to retrieve the title tag

Distributing DOM elements to multiple domains

Putting it all together

Securing when all domains are whitelisted

Methods to add security when a CORS header whitelists all domains

Simple CORS request methods

CORS with Preflight

Triggering a preflight by setting a custom header

The preflight request

The preflight response

CORS via jQuery

Known issues with CORS preflight

Preflight in Firefox

Preflight in Chrome

Preflight in Internet Explorer

Non-simple CORS request methods and headers require preflight

Checking for the withCredentials property

Troubleshooting and debugging CORS

Browser support for crossorigin attribute in the <script> tag

CORS with jQuery

jQuery CORS AJAX plugin

Enabling CORS globally with server configuration

Alternatives to CORS

Example of JSON-P

Using JSON-P – limitations and risks

Proposed JSON-P validation standard

WebSocket

WebSocket handshakes

WebSocket and cross-domain resource sharing

Risks of using WebSocket for cross-domain resource sharing

The window.postMessage method

postMessage risks and security measures

Summary

2. Creating Proxies for CORS

Proxies and the World Wide Web

What is a proxy server?

Reasons to use a proxy

Avoid mixing up protocols

Some API platforms require proxies or CORS

Getting through a local network firewall

Types of proxy server

Creating a proxy server with Google App Engine

Reverse proxy server

Reverse proxy server with Apache VirtualHost and .htaccess

Reverse proxy server in node.js

Summary

3. Usability and Security

CORS usability

Browser support for CORS

Detecting AJAX support in the browser

Using preflight for non-simple CORS requests

The HTTP request headers

HTTP response headers

Enhancing security in CORS

Limiting access when using the Access-Control-Allow-Origin, * wildcard

Trusting the HTTP_ORIGIN header is not recommended

Requests with credentials

CORS security cheat sheet by OWASP

Summary

4. CORS in Popular Content Management Frameworks

Incoming CORS requests

SAAS or self-hosted?

CORS in WordPress

Limited support for CORS in SAAS WordPress.com

Unauthenticated GET requests to WordPress.com

Authenticated requests to WordPress.com

CORS in self-hosted WordPress

Adding the Access-Control-Allow-Origin header in a template

WordPress plugins for CORS

WP-CORS plugin for WordPress

Allow CORS XML-RPC plugin for WordPress

CORS in Drupal

Enabling CORS in Drupal with custom code

Using the drupal_add_http_header function

Adding CORS support with .htaccess

Adding the CORS headers with custom code

Drupal contributed modules for CORS

Drupal CORS module

Drupal CDN module

Drupal Amazon S3 CORS upload module

CORS in Drupal 8 core

CORS in Joomla!

setHeader in JApplication web

matware-libraries on GitHub

Allowing CORS in the .htaccess file

CORS in Adobe Experience Manager

The com.adobe.cq.social.commons.cors package

Methods in the CORSAuthenticationFilter class

Methods In the CORSConfig class

Methods in the CORSAuthInfoPostProcessor class

Adding CORS headers in Scene 7 with a ruleset

Configuring the Sling Referrer Filter in the CRX Console

Summary

5. CORS in Windows

Incoming CORS requests

How to set the Access-Control-Allow-Origin header globally in Windows IIS Server

Setting CORS headers globally with web.config for IIS7 Server

Setting CORS headers globally with IIS manager for IIS 8.5 and higher

CORS in the ASP.NET Web API

Enabling CORS in the ASP.NET Web API

Installing the Web API Cross-Origin Support Package

Enabling the CorsMessageHandler

The EnableCorsAttribute class sets the CORS policies

Configuring the EnableCors class attributes in the ASP.NET Web API

Example: setting CORS policy for HTTP methods GET, PUT, and POST

Setting CORS policy with wildcards

Example: Setting CORS policy globally with wildcards

Example: Setting a global CORS policy with the WebApiConfig class

Disallowing CORS in classes or methods

Example: Using explicit values for HTTP methods

Example: Using the DisableCors attribute

Dynamic ASP.NET Web API CORS policies

Custom CORS policy attribute classes

Example: A custom CORS policy class

Custom policy provider factory

Registering the DynamicPolicyProviderFactory in WebApiConfig

Example: A custom CORS policy provider factory

Debugging the ASP.NET Web API Cross-Origin support framework

Server-side debugging

Client-side debugging

CORS in Windows Communication Foundation

CORS in Windows browsers ...

About This Book

Frequently asked questions

Information

CORS Essentials

Table of Contents

Table of contents