CORS Essentials
Main author: | Gunasundaram, Rajesh |
---|---|
Format: | Electronic E-Book |
Language: | English |
Published: | Packt Publishing, 2017. |
Subjects: | |
Online access: | Full text |
Summary: | Share code and assets across domains in Web applications with CORS. About This Book: A step-by-step guide but at a high level/fast pace. Not all steps are covered as a basic knowledge is assumed; Provides a basic overview of the concepts but the focus is on providing the practical skills required to develop applications; Focuses on providing practical examples. Who This Book Is For: Web developers have been limited by the Same Origin Policy and often wish they could spread their application across different domains. You know JavaScript and AJAX, and have run up against the Same Domain Policy, which is limiting your applications. What You Will Learn: Why you need CORS: Bending the Same Origin Policy and basic CORS implementation, headers and XMLHttpRequest; Creating proxies for CORS: Sometimes the header is not enough; Security: vulnerabilities and how to secure your CORS application; CORS implementations in Content Management systems; Learn about CORS in Windows applications; Take CORS on the Cloud; Apply CORS in Node.js; Best practices for CORS. In Detail: This book explains how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS Server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It examines limitations, security risks, and alternatives to CORS. It explores the W3C Specification and major developer documentation sources about CORS. It attempts to predict what kinds of extension to the CORS specification, or completely new techniques, will come in the future to address the limitations of CORS. Web developers will learn how to share code and assets across domains with CORS. They will learn a variety of techniques that are rather similar in their method and syntax. The book is organized by similar types of framework and application, so it can be used as a reference. Developers will learn about special cases, such as when a proxy is necessary. And they will learn about some alternative techniques that achieve similar goals, and when they may be preferable to using CORS. Style and approach: A step-by-step guide filled with real-world applications. |
Description: | 1 online resource |
ISBN: | 1784391115 9781784391119 |
Internal format
MARC
LEADER | 00000cam a2200000Ma 4500 | ||
---|---|---|---|
001 | ZDB-4-EBA-ocn988764763 | ||
003 | OCoLC | ||
005 | 20241004212047.0 | ||
006 | m o d | ||
007 | cr |n||||||||| | ||
008 | 170602s2017 xx o 000 0 eng d | ||
040 | |a IDEBK |b eng |e pn |c IDEBK |d EBLCP |d IDEBK |d MERUC |d YDX |d OCLCQ |d CHVBK |d OCLCQ |d COO |d OCLCO |d OCLCF |d UOK |d WYU |d OCLCQ |d LVT |d UKAHL |d NLW |d OCLCQ |d N$T |d OCLCO |d K6U |d OCLCQ |d OCLCO |d OCLCL |d SXB |d OCLCQ |d UEJ |d OCLCQ | ||
019 | |a 989043439 | ||
020 | |a 1784391115 |q (ebk) | ||
020 | |a 9781784391119 |q (electronic bk.) | ||
035 | |a (OCoLC)988764763 |z (OCoLC)989043439 | ||
037 | |a 1013360 |b MIL | ||
050 | 4 | |a T55.4-60.8 | |
082 | 1 | 4 | |a [E] |
049 | |a MAIN | ||
100 | 1 | |a Gunasundaram, Rajesh. | |
245 | 1 | 0 | |a CORS Essentials. |
260 | |b Packt Publishing, |c 2017. | ||
300 | |a 1 online resource | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
588 | 0 | |a Print version record. | |
505 | 0 | |a Cover; Copyright; Credits; About the Authors; www.PacktPub.com; Customer Feedback; Table of Contents; Preface; Chapter 1: Why You Need CORS; The same-origin policy; Considering the origin of entities; Internet Explorer exception policy; Commonly allowed cross-origin resource sharing; DOM elements allowed for cross-origin sharing; Allowing cross-origin sharing in WebSockets; Limited cross-origin JavaScript API access; Permissions required by JavaScript; JavaScript data storage access is strictly limited by origin; How CORS works -- the header and the request; The CORS header. | |
505 | 8 | |a Example 1 -- CORS request with JavaScript; Passing a request to a utility function; Example 2: the CORS transaction to retrieve the title tag; Distributing DOM elements to multiple domains; Putting it all together; Securing when all domains are whitelisted; Methods to add security when a CORS header whitelists all domains; Simple CORS request methods; CORS with Preflight; Triggering a preflight by setting a custom header; The preflight request; The preflight response; CORS via jQuery; Known issues with CORS preflight; Preflight in Firefox; Preflight in Chrome; Preflight in Internet Explorer. | |
505 | 8 | |a Non-simple CORS request methods and headers require preflight; Checking for the withCredentials property; Troubleshooting and debugging CORS; Browser support for crossorigin attribute in the tag; CORS with jQuery; jQuery CORS AJAX plugin; Enabling CORS globally with server configuration; Alternatives to CORS; Example of JSON-P; Using JSON-P -- limitations and risks; Proposed JSON-P validation standard; WebSocket; WebSocket handshakes; WebSocket and cross-domain resource sharing; Risks of using WebSocket for cross-domain resource sharing; The window.postMessage method. | |
505 | 8 | |a PostMessage risks and security measures; Summary; Chapter 2: Creating Proxies for CORS; Proxies and the World Wide Web; What is a proxy server?; Reasons to use a proxy; Avoid mixing up protocols; Some API platforms require proxies or CORS; Getting through a local network firewall; Types of proxy server; Creating a proxy server with Google App Engine; Reverse proxy server; Reverse proxy server with Apache VirtualHost and .htaccess; Reverse proxy server in node.js; Summary; Chapter 3: Usability and Security; CORS usability; Browser support for CORS; Detecting AJAX support in the browser. | |
505 | 8 | |a Using preflight for non-simple CORS requests; The HTTP request headers; HTTP response headers; Enhancing security in CORS; Limiting access when using the Access-Control-Allow-Origin, * wildcard; Trusting the HTTP_ORIGIN header is not recommended; Requests with credentials; CORS security cheat sheet by OWASP; Summary; Chapter 4: CORS in Popular Content Management Frameworks; Incoming CORS requests; SAAS or self-hosted?; CORS in WordPress; Limited support for CORS in SAAS WordPress.com; Unauthenticated GET requests to WordPress.com; Authenticated requests to WordPress.com. | |
650 | 0 | |a Web services. |0 http://id.loc.gov/authorities/subjects/sh2003001435 | |
650 | 0 | |a Application program interfaces. | |
650 | 6 | |a Services Web. | |
650 | 7 | |a COMPUTERS |x Web |x Content Management Systems. |2 bisacsh | |
650 | 7 | |a COMPUTERS |x Web |x Web Services & APIs. |2 bisacsh | |
650 | 7 | |a COMPUTERS |x Web |x Web Programming. |2 bisacsh | |
650 | 7 | |a Web services |2 fast | |
758 | |i has work: |a CORS Essentials (Text) |1 https://id.oclc.org/worldcat/entity/E39PCYRcCWQRGdJyJbrGDg4Dv3 |4 https://id.oclc.org/worldcat/ontology/hasWork | ||
856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1528134 |3 Volltext |
938 | |a Askews and Holts Library Services |b ASKH |n BDZ0034281394 | ||
938 | |a EBL - Ebook Library |b EBLB |n EBL4868541 | ||
938 | |a ProQuest MyiLibrary Digital eBook Collection |b IDEB |n cis38293142 | ||
938 | |a YBP Library Services |b YANK |n 14537517 | ||
938 | |a EBSCOhost |b EBSC |n 1528134 | ||
994 | |a 92 |b GEBAY | ||
912 | |a ZDB-4-EBA | ||
049 | |a DE-863 |
Record in the search index
DE-BY-FWS_katkey | ZDB-4-EBA-ocn988764763 |
---|---|
_version_ | 1816882391055073280 |
adam_text | |
any_adam_object | |
author | Gunasundaram, Rajesh |
author_facet | Gunasundaram, Rajesh |
author_role | |
author_sort | Gunasundaram, Rajesh |
author_variant | r g rg |
building | Verbundindex |
bvnumber | localFWS |
callnumber-first | T - Technology |
callnumber-label | T55 |
callnumber-raw | T55.4-60.8 |
callnumber-search | T55.4-60.8 |
callnumber-sort | T 255.4 260.8 |
callnumber-subject | T - General Technology |
collection | ZDB-4-EBA |
ctrlnum | (OCoLC)988764763 |
dewey-raw | [E] |
dewey-search | [E] |
format | Electronic eBook |
id | ZDB-4-EBA-ocn988764763 |
illustrated | Not Illustrated |
indexdate | 2024-11-27T13:27:52Z |
institution | BVB |
isbn | 1784391115 9781784391119 |
language | English |
oclc_num | 988764763 |
open_access_boolean | |
owner | MAIN DE-863 DE-BY-FWS |
owner_facet | MAIN DE-863 DE-BY-FWS |
physical | 1 online resource |
psigel | ZDB-4-EBA |
publishDate | 2017 |
publishDateSearch | 2017 |
publishDateSort | 2017 |
publisher | Packt Publishing, |
record_format | marc |
spelling | Gunasundaram, Rajesh. CORS Essentials. Packt Publishing, 2017. 1 online resource text txt rdacontent computer c rdamedia online resource cr rdacarrier Print version record. Cover; Copyright; Credits; About the Authors; www.PacktPub.com; Customer Feedback; Table of Contents; Preface; Chapter 1: Why You Need CORS; The same-origin policy; Considering the origin of entities; Internet Explorer exception policy; Commonly allowed cross-origin resource sharing; DOM elements allowed for cross-origin sharing; Allowing cross-origin sharing in WebSockets; Limited cross-origin JavaScript API access; Permissions required by JavaScript; JavaScript data storage access is strictly limited by origin; How CORS works -- the header and the request; The CORS header. Example 1 -- CORS request with JavaScriptPassing a request to a utility function; Example 2: the CORS transaction to retrieve the title tag; Distributing DOM elements to multiple domains; Putting it all together; Securing when all domains are whitelisted; Methods to add security when a CORS header whitelists all domains; Simple CORS request methods; CORS with Preflight; Triggering a preflight by setting a custom header; The preflight request; The preflight response; CORS via jQuery; Known issues with CORS preflight; Preflight in Firefox; Preflight in Chrome; Preflight in Internet Explorer. Non-simple CORS request methods and headers require preflightChecking for the withCredentials property; Troubleshooting and debugging CORS; Browser support for crossorigin attribute in the tag; CORS with jQuery; jQuery CORS AJAX plugin; Enabling CORS globally with server configuration; Alternatives to CORS; Example of JSON-P; Using JSON-P -- limitations and risks; Proposed JSON-P validation standard; WebSocket; WebSocket handshakes; WebSocket and cross-domain resource sharing; Risks of using WebSocket for cross-domain resource sharing; The window.postMessage method. 
PostMessage risks and security measuresSummary; Chapter 2: Creating Proxies for CORS; Proxies and the World Wide Web; What is a proxy server?; Reasons to use a proxy; Avoid mixing up protocols; Some API platforms require proxies or CORS; Getting through a local network firewall; Types of proxy server; Creating a proxy server with Google App Engine; Reverse proxy server; Reverse proxy server with Apache VirtualHost and .htaccess; Reverse proxy server in node.js; Summary; Chapter 3: Usability and Security; CORS usability; Browser support for CORS; Detecting AJAX support in the browser. Using preflight for non-simple CORS requestsThe HTTP request headers; HTTP response headers; Enhancing security in CORS; Limiting access when using the Access-Control-Allow-Origin, * wildcard; Trusting the HTTP_ORIGIN header is not recommended; Requests with credentials; CORS security cheat sheet by OWASP; Summary; Chapter 4: CORS in Popular Content Management Frameworks; Incoming CORS requests; SAAS or self-hosted?; CORS in WordPress; Limited support for CORS in SAAS WordPress.com; Unauthenticated GET requests to WordPress.com; Authenticated requests to WordPress.com. Share code and assets across domains in Web applications with CORSAbout This Book* A step-by-step guide but at a high level/fast pace. Not all steps are covered as a basic knowledge is assumed* Provides a basic overview of the concepts but the focus is on providing the practical skills required to develop applications* Focuses on providing practical examplesWho This Book Is ForWeb developers have been limited by the Same Origin Policy and often wish they could spread their application across different domains. You know JavaScript and AJAX, and have run up against the Same Domain Policy, which is limiting your applications. 
What You Will Learn* Why you need CORS: Bending the Same Origin Policy and basic CORS implementation, headers and XMLHttpRequest* Creating proxies for CORS: Sometimes the header is not enough* Security: vulnerabilities and how to secure your CORS application* CORS implementations in Content Management systems* Learn about CORS in Windows applications* Take CORS on the Cloud* Apply CORS in Node.js* Best practices for CORSIn DetailThis book explains how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS Server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It examines limitations, security risks, and alternatives to CORS. It explores the W3C Specification and major developer documentation sources about CORS. It attempts to predict what kinds of extension to the CORS specification, or completely new techniques, will come in the future to address the limitations of CORSWeb developers will learn how to share code and assets across domains with CORS. They will learn a variety of techniques that are rather similar in their method and syntax. The book is organized by similar types of framework and application, so it can be used as a reference. Developers will learn about special cases, such as when a proxy is necessary. And they will learn about some alternative techniques that achieve similar goals, and when they may be preferable to using CORSStyle and approachA step-by-step guide filled with real-world applications. Web services. http://id.loc.gov/authorities/subjects/sh2003001435 Application program interfaces. Services Web. COMPUTERS Web Content Management Systems. bisacsh COMPUTERS Web Web Services & APIs. bisacsh COMPUTERS Web Web Programming. 
bisacsh Web services fast has work: CORS Essentials (Text) https://id.oclc.org/worldcat/entity/E39PCYRcCWQRGdJyJbrGDg4Dv3 https://id.oclc.org/worldcat/ontology/hasWork FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1528134 Volltext |
spellingShingle | Gunasundaram, Rajesh CORS Essentials. Cover; Copyright; Credits; About the Authors; www.PacktPub.com; Customer Feedback; Table of Contents; Preface; Chapter 1: Why You Need CORS; The same-origin policy; Considering the origin of entities; Internet Explorer exception policy; Commonly allowed cross-origin resource sharing; DOM elements allowed for cross-origin sharing; Allowing cross-origin sharing in WebSockets; Limited cross-origin JavaScript API access; Permissions required by JavaScript; JavaScript data storage access is strictly limited by origin; How CORS works -- the header and the request; The CORS header. Example 1 -- CORS request with JavaScript; Passing a request to a utility function; Example 2: the CORS transaction to retrieve the title tag; Distributing DOM elements to multiple domains; Putting it all together; Securing when all domains are whitelisted; Methods to add security when a CORS header whitelists all domains; Simple CORS request methods; CORS with Preflight; Triggering a preflight by setting a custom header; The preflight request; The preflight response; CORS via jQuery; Known issues with CORS preflight; Preflight in Firefox; Preflight in Chrome; Preflight in Internet Explorer. Non-simple CORS request methods and headers require preflight; Checking for the withCredentials property; Troubleshooting and debugging CORS; Browser support for crossorigin attribute in the tag; CORS with jQuery; jQuery CORS AJAX plugin; Enabling CORS globally with server configuration; Alternatives to CORS; Example of JSON-P; Using JSON-P -- limitations and risks; Proposed JSON-P validation standard; WebSocket; WebSocket handshakes; WebSocket and cross-domain resource sharing; Risks of using WebSocket for cross-domain resource sharing; The window.postMessage method. 
PostMessage risks and security measures; Summary; Chapter 2: Creating Proxies for CORS; Proxies and the World Wide Web; What is a proxy server?; Reasons to use a proxy; Avoid mixing up protocols; Some API platforms require proxies or CORS; Getting through a local network firewall; Types of proxy server; Creating a proxy server with Google App Engine; Reverse proxy server; Reverse proxy server with Apache VirtualHost and .htaccess; Reverse proxy server in node.js; Summary; Chapter 3: Usability and Security; CORS usability; Browser support for CORS; Detecting AJAX support in the browser. Using preflight for non-simple CORS requests; The HTTP request headers; HTTP response headers; Enhancing security in CORS; Limiting access when using the Access-Control-Allow-Origin, * wildcard; Trusting the HTTP_ORIGIN header is not recommended; Requests with credentials; CORS security cheat sheet by OWASP; Summary; Chapter 4: CORS in Popular Content Management Frameworks; Incoming CORS requests; SAAS or self-hosted?; CORS in WordPress; Limited support for CORS in SAAS WordPress.com; Unauthenticated GET requests to WordPress.com; Authenticated requests to WordPress.com. Web services. http://id.loc.gov/authorities/subjects/sh2003001435 Application program interfaces. Services Web. COMPUTERS Web Content Management Systems. bisacsh COMPUTERS Web Web Services & APIs. bisacsh COMPUTERS Web Web Programming. bisacsh Web services fast |
subject_GND | http://id.loc.gov/authorities/subjects/sh2003001435 |
title | CORS Essentials. |
title_auth | CORS Essentials. |
title_exact_search | CORS Essentials. |
title_full | CORS Essentials. |
title_fullStr | CORS Essentials. |
title_full_unstemmed | CORS Essentials. |
title_short | CORS Essentials. |
title_sort | cors essentials |
topic | Web services. http://id.loc.gov/authorities/subjects/sh2003001435 Application program interfaces. Services Web. COMPUTERS Web Content Management Systems. bisacsh COMPUTERS Web Web Services & APIs. bisacsh COMPUTERS Web Web Programming. bisacsh Web services fast |
topic_facet | Web services. Application program interfaces. Services Web. COMPUTERS Web Content Management Systems. COMPUTERS Web Web Services & APIs. COMPUTERS Web Web Programming. Web services |
url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1528134 |
work_keys_str_mv | AT gunasundaramrajesh corsessentials |