CORS Essentials
eBook - ePub

CORS Essentials

Rajesh Gunasundaram, Randall Goya

Compartir libro
  1. 144 páginas
  2. English
  3. ePUB (apto para móviles)
  4. Disponible en iOS y Android
eBook - ePub

CORS Essentials

Rajesh Gunasundaram, Randall Goya

Detalles del libro
Vista previa del libro
Índice
Citas

Información del libro

Share code and assets across domains in Web applications with CORSAbout This Book• A step-by-step guide but at a high level/fast pace. Not all steps are covered as a basic knowledge is assumed• Provides a basic overview of the concepts but the focus is on providing the practical skills required to develop applications• Focuses on providing practical examplesWho This Book Is ForWeb developers have been limited by the Same Origin Policy and often wish they could spread their application across different domains. You know JavaScript and AJAX, and have run up against the Same Domain Policy, which is limiting your applications.What You Will Learn• Why you need CORS: Bending the Same Origin Policy and basic CORS implementation, headers and XMLHttpRequest• Creating proxies for CORS: Sometimes the header is not enough• Security: vulnerabilities and how to secure your CORS application• CORS implementations in Content Management systems• Learn about CORS in Windows applications• Take CORS on the Cloud• Apply CORS in Node.js• Best practices for CORSIn DetailThis book explains how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS Server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It examines limitations, security risks, and alternatives to CORS. It explores the W3C Specification and major developer documentation sources about CORS. It attempts to predict what kinds of extension to the CORS specification, or completely new techniques, will come in the future to address the limitations of CORSWeb developers will learn how to share code and assets across domains with CORS. They will learn a variety of techniques that are rather similar in their method and syntax. The book is organized by similar types of framework and application, so it can be used as a reference. Developers will learn about special cases, such as when a proxy is necessary. And they will learn about some alternative techniques that achieve similar goals, and when they may be preferable to using CORSStyle and approachA step-by-step guide filled with real-world applications

Preguntas frecuentes

¿Cómo cancelo mi suscripción?
Simplemente, dirígete a la sección ajustes de la cuenta y haz clic en «Cancelar suscripción». Así de sencillo. Después de cancelar tu suscripción, esta permanecerá activa el tiempo restante que hayas pagado. Obtén más información aquí.
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es CORS Essentials un PDF/ePUB en línea?
Sí, puedes acceder a CORS Essentials de Rajesh Gunasundaram, Randall Goya en formato PDF o ePUB, así como a otros libros populares de Computer Science y Content Management Systems. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.

Información

Editorial
Packt Publishing
Año
2017
ISBN
9781784391119
Edición
1
Categoría
Computer Science
Categoría
Content Management Systems

CORS Essentials

Table of Contents

CORS Essentials
Credits
About the Authors
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Why You Need CORS
The same-origin policy
Considering the origin of entities
Internet Explorer exception policy
Commonly allowed cross-origin resource sharing
DOM elements allowed for cross-origin sharing
Allowing cross-origin sharing in WebSockets
Limited cross-origin JavaScript API access
Permissions required by JavaScript
JavaScript data storage access is strictly limited by origin
How CORS works – the header and the request
The CORS header
Example 1 – CORS request with JavaScript
Passing a request to a utility function
Example 2: the CORS transaction to retrieve the title tag
Distributing DOM elements to multiple domains
Putting it all together
Securing when all domains are whitelisted
Methods to add security when a CORS header whitelists all domains
Simple CORS request methods
CORS with Preflight
Triggering a preflight by setting a custom header
The preflight request
The preflight response
CORS via jQuery
Known issues with CORS preflight
Preflight in Firefox
Preflight in Chrome
Preflight in Internet Explorer
Non-simple CORS request methods and headers require preflight
Checking for the withCredentials property
Troubleshooting and debugging CORS
Browser support for crossorigin attribute in the <script> tag
CORS with jQuery
jQuery CORS AJAX plugin
Enabling CORS globally with server configuration
Alternatives to CORS
Example of JSON-P
Using JSON-P – limitations and risks
Proposed JSON-P validation standard
WebSocket
WebSocket handshakes
WebSocket and cross-domain resource sharing
Risks of using WebSocket for cross-domain resource sharing
The window.postMessage method
postMessage risks and security measures
Summary
2. Creating Proxies for CORS
Proxies and the World Wide Web
What is a proxy server?
Reasons to use a proxy
Avoid mixing up protocols
Some API platforms require proxies or CORS
Getting through a local network firewall
Types of proxy server
Creating a proxy server with Google App Engine
Reverse proxy server
Reverse proxy server with Apache VirtualHost and .htaccess
Reverse proxy server in node.js
Summary
3. Usability and Security
CORS usability
Browser support for CORS
Detecting AJAX support in the browser
Using preflight for non-simple CORS requests
The HTTP request headers
HTTP response headers
Enhancing security in CORS
Limiting access when using the Access-Control-Allow-Origin, * wildcard
Trusting the HTTP_ORIGIN header is not recommended
Requests with credentials
CORS security cheat sheet by OWASP
Summary
4. CORS in Popular Content Management Frameworks
Incoming CORS requests
SAAS or self-hosted?
CORS in WordPress
Limited support for CORS in SAAS WordPress.com
Unauthenticated GET requests to WordPress.com
Authenticated requests to WordPress.com
CORS in self-hosted WordPress
Adding the Access-Control-Allow-Origin header in a template
WordPress plugins for CORS
WP-CORS plugin for WordPress
Allow CORS XML-RPC plugin for WordPress
CORS in Drupal
Enabling CORS in Drupal with custom code
Using the drupal_add_http_header function
Adding CORS support with .htaccess
Adding the CORS headers with custom code
Drupal contributed modules for CORS
Drupal CORS module
Drupal CDN module
Drupal Amazon S3 CORS upload module
CORS in Drupal 8 core
CORS in Joomla!
setHeader in JApplication web
matware-libraries on GitHub
Allowing CORS in the .htaccess file
CORS in Adobe Experience Manager
The com.adobe.cq.social.commons.cors package
Methods in the CORSAuthenticationFilter class
Methods In the CORSConfig class
Methods in the CORSAuthInfoPostProcessor class
Adding CORS headers in Scene 7 with a ruleset
Configuring the Sling Referrer Filter in the CRX Console
Summary
5. CORS in Windows
Incoming CORS requests
How to set the Access-Control-Allow-Origin header globally in Windows IIS Server
Setting CORS headers globally with web.config for IIS7 Server
Setting CORS headers globally with IIS manager for IIS 8.5 and higher
CORS in the ASP.NET Web API
Enabling CORS in the ASP.NET Web API
Installing the Web API Cross-Origin Support Package
Enabling the CorsMessageHandler
The EnableCorsAttribute class sets the CORS policies
Configuring the EnableCors class attributes in the ASP.NET Web API
Example: setting CORS policy for HTTP methods GET, PUT, and POST
Setting CORS policy with wildcards
Example: Setting CORS policy globally with wildcards
Example: Setting a global CORS policy with the WebApiConfig class
Disallowing CORS in classes or methods
Example: Using explicit values for HTTP methods
Example: Using the DisableCors attribute
Dynamic ASP.NET Web API CORS policies
Custom CORS policy attribute classes
Example: A custom CORS policy class
Custom policy provider factory
Registering the DynamicPolicyProviderFactory in WebApiConfig
Example: A custom CORS policy provider factory
Debugging the ASP.NET Web API Cross-Origin support framework
Server-side debugging
Client-side debugging
CORS in Windows Communication Foundation
CORS in Windows browsers ...

Índice