This book will explain how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It will examine the limitations, security risks, and alternatives to CORS. It will examine the W3C specification and major developer documentation sources about CORS. It will predict what kind of extensions to the CORS specification, or completely new techniques, may come in the future to address the limitations of CORS.
Chapter 1, Why You Need CORS, discusses the same-origin policy, which limits sharing resources across domains; granting access to CORS requests by setting headers; different ways to add more security; understanding preflight requests to prepare for some types of CORS methods and events; and alternatives to CORS.
Chapter 2, Creating Proxies for CORS, discusses what a Proxy Server is and various reasons to use a Proxy, different types of Proxy Servers, and reverse proxis in Node.js with CORS anywhere.
Chapter 3, Usability and Security, discusses CORS and XDomainRequest, detecting AJAX support in the browser, using preflight to ensure usability and improve security, handling access-control-allow-origin header with and without the wildcard, HTTP request and response headers for usability and security, CORS requests with credentials, and setting and reading cookies, and CORS security cheat sheet by OWASP.
Chapter 4, CORS in Popular Content Management Frameworks, discusses how to enable CORS in WordPress, Drupal, Joomla!, and Adobe Experience Manager (AEM).
Chapter 5, CORS in Windows, discusses implementing CORS on the Windows platform. The Windows platform includes IIS, ASP.NET Web API applications, and Windows Communication Foundation.
Chapter 6, CORS in the Cloud, discusses using CORS in cloud computing services such as Amazon Simple Storage Service (S3), Google Cloud Storage, IBM Cloudant, Windows Azure Storage, the Box.com API, and the Dropbox API.
Chapter 7, CORS in Node.js, discusses the Node.js platform and using CORS in JavaScript frameworks such as ReactJS, Ember.js, and Socket.IO, with examples based on the fundamentals of CORS with allowed origin(s), methods, and headers.
Chapter 8, CORS Best Practices, discusses best practices in enabling API-to-public CORS requests, limiting the API to allow CORS requests to a whitelisted set of origins, protecting against cross-site request forgery (CSRF), and minimizing preflight requests.
Any good JavaScript editor
Wamp, Lamp, or Xamp, depending on the devlopment platform environment
IIS to host the ASP.NET application
Visual Studio 2012 or later to develop the ASP.NET Web API
This book is intended for any web developer who works on various web applications with different technologies, developers who create APIs for external applications to consume, and developers who ensure security when cross-origin resource sharing happens.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, path names, dummy URLs, user input, and Twitter handles are shown as follows: "Media files with the <video>
and <audio>
tags as long as the file type matches expected media formats."
A block of code is set as follows:
public static class WebApiConfig { public static void Register(HttpConfiguration config) { // Other configurations omitted config.EnableCors(); config.SetCorsPolicyProviderFactory( new DynamicPolicyProviderFactory()); } }
Any command-line input or output is written as follows:
PM> Install-Package Microsoft.AspNet.WebApi.Cors
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Clicking the Next button moves you to the next screen".
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>
, and mention the books title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting , selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]>
with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <[email protected]>
, and we will do our best to address the problem.