Book Image

CORS Essentials

By : Rajesh Gunasundaram
Book Image

CORS Essentials

By: Rajesh Gunasundaram

Overview of this book

This book explains how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS Server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It examines limitations, security risks, and alternatives to CORS. It explores the W3C Specification and major developer documentation sources about CORS. It attempts to predict what kinds of extension to the CORS specification, or completely new techniques, will come in the future to address the limitations of CORS Web developers will learn how to share code and assets across domains with CORS. They will learn a variety of techniques that are rather similar in their method and syntax. The book is organized by similar types of framework and application, so it can be used as a reference. Developers will learn about special cases, such as when a proxy is necessary. And they will learn about some alternative techniques that achieve similar goals, and when they may be preferable to using CORS

Related Content you might be interested in

Current Title:

Small book image
CORS Essentials
Rajesh Gunasundaram
May, 2017 | 144 pages
No titles found
Table of Contents (15 chapters)
CORS Essentials
CORS Essentials
Credits
Credits
About the Authors
About the Authors
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Why You Need CORS
Why You Need CORS
The same-origin policy
Considering the origin of entities
Commonly allowed cross-origin resource sharing
Permissions required by JavaScript
How CORS works – the header and the request
CORS with Preflight
Troubleshooting and debugging CORS
CORS with jQuery
Enabling CORS globally with server configuration
Alternatives to CORS
Summary
2
Creating Proxies for CORS
Creating Proxies for CORS
Proxies and the World Wide Web
What is a proxy server?
Reasons to use a proxy
Creating a proxy server with Google App Engine
Summary
3
Usability and Security
Usability and Security
CORS usability
Enhancing security in CORS
Summary
4
CORS in Popular Content Management Frameworks
CORS in Popular Content Management Frameworks
Incoming CORS requests
SAAS or self-hosted?
CORS in WordPress
CORS in Drupal
CORS in Joomla!
CORS in Adobe Experience Manager
Summary
5
CORS in Windows
CORS in Windows
Incoming CORS requests
How to set the Access-Control-Allow-Origin header globally in Windows IIS Server
CORS in the ASP.NET Web API
CORS in Windows Communication Foundation
CORS in Windows browsers – Internet Explorer and Edge
Summary
6
CORS in the Cloud
CORS in the Cloud
CORS requests in cloud APIs
CORS in Amazon Simple Storage Service (S3)
Using CORS in Google Cloud Storage
Authenticated access to Google APIs with CORS
CORS in IBM Cloudant
CORS in Windows Azure Storage
CORS in Box API
CORS in the Dropbox API
Summary
References
7
CORS in Node.js
CORS in Node.js
JavaScript frameworks are very popular
Introduction to Node.js
JavaScript frameworks that work with Node.js
CORS in Express.js
CORS npm for Express.js using Connect.js middleware
CORS in AngularJS
CORS in Backbone.js
Node.js and JavaScript frameworks are evolving rapidly
Summary
References
8
CORS Best Practices
CORS Best Practices
Enabling API to public CORS requests
Limiting API to allow CORS requests to a whitelisted set of origins
Protecting against cross-site request forgery (CSRF)
Summary
Index
Index

CORS with jQuery

jQuery's $.ajax() method can be used for standard XHR and CORS requests.

Note

Things to know about CORS with jQuery2

JQuery's CORS implementation doesn't support IE's XDomainRequest object, which is needed prior to Internet Explorer 10. There are jQuery plugins and workarounds. $.support.cors can signal support for CORS. It is set to true if the browser supports CORS (but in IE it always returns false). This can be a quick way to check for CORS support.

In jQuery, define the XHR functions using the same techniques as for CORS with JavaScript:

$.ajax({
  // The 'type' property sets the HTTP method
  // Any value other than GET, POST, HEAD (eg. PUT or DELETE methods) will initiate a preflight request
  type: 'GET',

  // The Target Domain URL to make the request to
  url: 'http://targetdomain.com',

  // The 'contentType' property sets the 'Content-Type' header
  // The JQuery default for this property is
  // 'application/x-www-form-urlencoded; charset=UTF-8'
  // If you set this value to anything other than
  // application/x-www-form-urlencoded, multipart/form-data, or text/plain,
  // you will trigger a preflight request
  contentType: 'text/plain',

    xhrFields: {
      // The 'xhrFields' property sets additional fields on the XMLHttpRequest
      // This can be used to set the 'withCredentials' property
      // Set the value to 'true' to pass cookies to the server
      // If this is enabled, your server must respond with the header
      // 'Access-Control-Allow-Credentials: true'
      // Remember that IE <= 9 does not support the 'withCredentials' property
      withCredentials: false
    },

    headers: {
      // Set custom headers
      // If you set any non-simple headers, your server response must include
      // the headers in the 'Access-Control-Allow-Headers' response header
    },

    success: function() {
      // Handler for a successful response, do something with the response.Text
    },

    error: function() {
      // Error handler
      // Note that if the error was due to an issue with CORS,
      // this function will still be triggered, but there won't be any additional information about the error.
    }
});

jQuery CORS AJAX plugin

A jQuery plugin for CORS is available at http://plugins.jquery.com/cors.

The plugin sends cross-domain AJAX requests through corsproxy.io.

Chapter 2, Creating Proxies for CORS, gives details about using proxies with CORS.

Previous Section
End of Section 9
Next Section