CORS Essentials
eBook - ePub

CORS Essentials

  1. 144 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

CORS Essentials

About this book

Share code and assets across domains in Web applications with CORSAbout This Book• A step-by-step guide but at a high level/fast pace. Not all steps are covered as a basic knowledge is assumed• Provides a basic overview of the concepts but the focus is on providing the practical skills required to develop applications• Focuses on providing practical examplesWho This Book Is ForWeb developers have been limited by the Same Origin Policy and often wish they could spread their application across different domains. You know JavaScript and AJAX, and have run up against the Same Domain Policy, which is limiting your applications.What You Will Learn• Why you need CORS: Bending the Same Origin Policy and basic CORS implementation, headers and XMLHttpRequest• Creating proxies for CORS: Sometimes the header is not enough• Security: vulnerabilities and how to secure your CORS application• CORS implementations in Content Management systems• Learn about CORS in Windows applications• Take CORS on the Cloud• Apply CORS in Node.js• Best practices for CORSIn DetailThis book explains how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS Server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It examines limitations, security risks, and alternatives to CORS. It explores the W3C Specification and major developer documentation sources about CORS. It attempts to predict what kinds of extension to the CORS specification, or completely new techniques, will come in the future to address the limitations of CORSWeb developers will learn how to share code and assets across domains with CORS. They will learn a variety of techniques that are rather similar in their method and syntax. The book is organized by similar types of framework and application, so it can be used as a reference. Developers will learn about special cases, such as when a proxy is necessary. And they will learn about some alternative techniques that achieve similar goals, and when they may be preferable to using CORSStyle and approachA step-by-step guide filled with real-world applications

Tools to learn more effectively

Saving Books

Saving Books

Keyword Search

Keyword Search

Annotating Text

Annotating Text

Listen to it instead

Listen to it instead

CORS Essentials

Table of Contents

CORS Essentials
Credits
About the Authors
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Why You Need CORS
The same-origin policy
Considering the origin of entities
Internet Explorer exception policy
Commonly allowed cross-origin resource sharing
DOM elements allowed for cross-origin sharing
Allowing cross-origin sharing in WebSockets
Limited cross-origin JavaScript API access
Permissions required by JavaScript
JavaScript data storage access is strictly limited by origin
How CORS works – the header and the request
The CORS header
Example 1 – CORS request with JavaScript
Passing a request to a utility function
Example 2: the CORS transaction to retrieve the title tag
Distributing DOM elements to multiple domains
Putting it all together
Securing when all domains are whitelisted
Methods to add security when a CORS header whitelists all domains
Simple CORS request methods
CORS with Preflight
Triggering a preflight by setting a custom header
The preflight request
The preflight response
CORS via jQuery
Known issues with CORS preflight
Preflight in Firefox
Preflight in Chrome
Preflight in Internet Explorer
Non-simple CORS request methods and headers require preflight
Checking for the withCredentials property
Troubleshooting and debugging CORS
Browser support for crossorigin attribute in the <script> tag
CORS with jQuery
jQuery CORS AJAX plugin
Enabling CORS globally with server configuration
Alternatives to CORS
Example of JSON-P
Using JSON-P – limitations and risks
Proposed JSON-P validation standard
WebSocket
WebSocket handshakes
WebSocket and cross-domain resource sharing
Risks of using WebSocket for cross-domain resource sharing
The window.postMessage method
postMessage risks and security measures
Summary
2. Creating Proxies for CORS
Proxies and the World Wide Web
What is a proxy server?
Reasons to use a proxy
Avoid mixing up protocols
Some API platforms require proxies or CORS
Getting through a local network firewall
Types of proxy server
Creating a proxy server with Google App Engine
Reverse proxy server
Reverse proxy server with Apache VirtualHost and .htaccess
Reverse proxy server in node.js
Summary
3. Usability and Security
CORS usability
Browser support for CORS
Detecting AJAX support in the browser
Using preflight for non-simple CORS requests
The HTTP request headers
HTTP response headers
Enhancing security in CORS
Limiting access when using the Access-Control-Allow-Origin, * wildcard
Trusting the HTTP_ORIGIN header is not recommended
Requests with credentials
CORS security cheat sheet by OWASP
Summary
4. CORS in Popular Content Management Frameworks
Incoming CORS requests
SAAS or self-hosted?
CORS in WordPress
Limited support for CORS in SAAS WordPress.com
Unauthenticated GET requests to WordPress.com
Authenticated requests to WordPress.com
CORS in self-hosted WordPress
Adding the Access-Control-Allow-Origin header in a template
WordPress plugins for CORS
WP-CORS plugin for WordPress
Allow CORS XML-RPC plugin for WordPress
CORS in Drupal
Enabling CORS in Drupal with custom code
Using the drupal_add_http_header function
Adding CORS support with .htaccess
Adding the CORS headers with custom code
Drupal contributed modules for CORS
Drupal CORS module
Drupal CDN module
Drupal Amazon S3 CORS upload module
CORS in Drupal 8 core
CORS in Joomla!
setHeader in JApplication web
matware-libraries on GitHub
Allowing CORS in the .htaccess file
CORS in Adobe Experience Manager
The com.adobe.cq.social.commons.cors package
Methods in the CORSAuthenticationFilter class
Methods In the CORSConfig class
Methods in the CORSAuthInfoPostProcessor class
Adding CORS headers in Scene 7 with a ruleset
Configuring the Sling Referrer Filter in the CRX Console
Summary
5. CORS in Windows
Incoming CORS requests
How to set the Access-Control-Allow-Origin header globally in Windows IIS Server
Setting CORS headers globally with web.config for IIS7 Server
Setting CORS headers globally with IIS manager for IIS 8.5 and higher
CORS in the ASP.NET Web API
Enabling CORS in the ASP.NET Web API
Installing the Web API Cross-Origin Support Package
Enabling the CorsMessageHandler
The EnableCorsAttribute class sets the CORS policies
Configuring the EnableCors class attributes in the ASP.NET Web API
Example: setting CORS policy for HTTP methods GET, PUT, and POST
Setting CORS policy with wildcards
Example: Setting CORS policy globally with wildcards
Example: Setting a global CORS policy with the WebApiConfig class
Disallowing CORS in classes or methods
Example: Using explicit values for HTTP methods
Example: Using the DisableCors attribute
Dynamic ASP.NET Web API CORS policies
Custom CORS policy attribute classes
Example: A custom CORS policy class
Custom policy provider factory
Registering the DynamicPolicyProviderFactory in WebApiConfig
Example: A custom CORS policy provider factory
Debugging the ASP.NET Web API Cross-Origin support framework
Server-side debugging
Client-side debugging
CORS in Windows Communication Foundation
CORS in Windows browsers ...

Table of contents

  1. CORS Essentials

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access CORS Essentials by Rajesh Gunasundaram, Randall Goya in PDF and/or ePUB format, as well as other popular books in Computer Science & Content Management Systems. We have over one million books available in our catalogue for you to explore.