27,59 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Fachliteratur
- Sprache: Englisch
This book explains how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS Server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It examines limitations, security risks, and alternatives to CORS. It explores the W3C Specification and major developer documentation sources about CORS. It attempts to predict what kinds of extension to the CORS specification, or completely new techniques, will come in the future to address the limitations of CORS
Web developers will learn how to share code and assets across domains with CORS. They will learn a variety of techniques that are rather similar in their method and syntax. The book is organized by similar types of framework and application, so it can be used as a reference. Developers will learn about special cases, such as when a proxy is necessary. And they will learn about some alternative techniques that achieve similar goals, and when they may be preferable to using CORS
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 164
Veröffentlichungsjahr: 2017
Ähnliche
Table of Contents
CORS Essentials
CORS Essentials
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: May 2017
Production reference: 1220517
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78439-377-9
www.packtpub.com
Credits
Authors
Rajesh Gunasundaram
Randall Goya
Commissioning Editor
Wilson D'souza
Acquisition Editor
Tushar Gupta
Content Development Editor
Aishwarya Pandere
Technical Editor
Dharmendra Yadav
Copy Editor
Manisha Sinha
Project Coordinator
Nidhi Joshi
Proofreader
Safis Editing
Indexer
Mariammal Chettiyar
Graphics
Tania Dutta
Production Coordinator
Shraddha Falebhai
Cover Work
Shraddha Falebhai
About the Authors
Rajesh Gunasundaram is a software architect, technical writer, and blogger. He has over 15 years of experience in the IT industry, with more than 10 years using Microsoft .NET, 2 years of BizTalk Server, and a year of iOS application development.
Rajesh is a founder and editor of technical blogs and , where you can find many of his technical writings on .NET and iOS.
Rajesh is also the founder and developer of a web product, a platform that analyses YouTube videos and channels.
Rajesh has also written a book ASP.NET Web API Security Essentials, for Packt Publishing.
Rajesh holds a masters degree in Computer Application and began his career as a software engineer in 2002. He worked on client premises located in various countries, such as the UK, Belarus, and Norway. He also has experience in developing mobile applications for iPhone and iPad.
His technical strengths include Azure, Xamarin, ASP.NET MVC, Web API, WCF, .NET Framework/.NET Core, C#, Objective-C, Angular, BizTalk, SQL Server, REST, SOA, design patterns, and software architecture.
Randall Goya has been a Senior Web Developer and Application Architect for enterprise organizations for several years, mostly specializing as a Drupal Consultant. Drupal as a framework is integrated with so many other applications and APIs, including payment gateways, media (Brightcove, YouTube, mp3, and video players), messaging (Amazon SQS, Mulesoft), as a content repository for other frameworks (WordPress), and for native mobile applications, and VOIP.
www.PacktPub.com
eBooks, discount offers, and more
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At , you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Customer Feedback
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1784393770.
If you'd like to join our team of regular reviewers, you can e-mail us at <[email protected]>. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface
This book will explain how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It will examine the limitations, security risks, and alternatives to CORS. It will examine the W3C specification and major developer documentation sources about CORS. It will predict what kind of extensions to the CORS specification, or completely new techniques, may come in the future to address the limitations of CORS.
What this book covers
Chapter 1, Why You Need CORS, discusses the same-origin policy, which limits sharing resources across domains; granting access to CORS requests by setting headers; different ways to add more security; understanding preflight requests to prepare for some types of CORS methods and events; and alternatives to CORS.
Chapter 2, Creating Proxies for CORS, discusses what a Proxy Server is and various reasons to use a Proxy, different types of Proxy Servers, and reverse proxis in Node.js with CORS anywhere.
Chapter 3, Usability and Security, discusses CORS and XDomainRequest, detecting AJAX support in the browser, using preflight to ensure usability and improve security, handling access-control-allow-origin header with and without the wildcard, HTTP request and response headers for usability and security, CORS requests with credentials, and setting and reading cookies, and CORS security cheat sheet by OWASP.
Chapter 4, CORS in Popular Content Management Frameworks, discusses how to enable CORS in WordPress, Drupal, Joomla!, and Adobe Experience Manager (AEM).
Chapter 5, CORS in Windows, discusses implementing CORS on the Windows platform. The Windows platform includes IIS, ASP.NET Web API applications, and Windows Communication Foundation.
Chapter 6, CORS in the Cloud, discusses using CORS in cloud computing services such as Amazon Simple Storage Service (S3), Google Cloud Storage, IBM Cloudant, Windows Azure Storage, the Box.com API, and the Dropbox API.
Chapter 7, CORS in Node.js, discusses the Node.js platform and using CORS in JavaScript frameworks such as ReactJS, Ember.js, and Socket.IO, with examples based on the fundamentals of CORS with allowed origin(s), methods, and headers.
Chapter 8, CORS Best Practices, discusses best practices in enabling API-to-public CORS requests, limiting the API to allow CORS requests to a whitelisted set of origins, protecting against cross-site request forgery (CSRF), and minimizing preflight requests.
What you need for this book
Who this book is for
This book is intended for any web developer who works on various web applications with different technologies, developers who create APIs for external applications to consume, and developers who ensure security when cross-origin resource sharing happens.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, path names, dummy URLs, user input, and Twitter handles are shown as follows: "Media files with the <video> and <audio> tags as long as the file type matches expected media formats."
A block of code is set as follows:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Clicking the Next button moves you to the next screen".
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the books title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting , selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
Questions
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.
Chapter 1. Why You Need CORS
In this chapter, you will learn about the following:
The same-origin policy
Sooner or later, web developers run up against the same-origin policy. Maybe you want to trigger a script on one domain and use the results on a different domain, but you can't.
The same-origin policy is necessary for web application security. The execution of a script may expose sensitive information. Access to this information is limited to the same domain where the script is located, unless access for an external domain has been specifically allowed by code.
Note
The same-origin policy is defined by the Internet Engineering Task Force (IETF) (https://tools.ietf.org/html/rfc6454#page-4).
A major motivation for implementing the same-origin policy is to protect sensitive information stored in cookies from being exposed to another domain. Web applications maintain authenticated user sessions in cookies. The user's personalizations and account information are stored in cookies. To ensure data confidentiality, cookies may not be shared across domains. For cookies, the same origin is shared by the domain or a sub-domain of that domain. For DOM elements such as scripts, the restrictions are more fine-grained.
The same-origin policy
