万本电子书0元读

万本电子书0元读

顶部广告

CORS Essentials电子书

售       价:¥

75人正在读 | 0人评论 9.8

作       者:Rajesh Gunasundaram,Randall Goya

出  版  社:Packt Publishing

出版时间:2017-05-30

字       数:139.6万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:此类商品不支持退换货,不支持下载打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
Share code and assets across domains in Web applications with CORS About This Book ? A step-by-step guide but at a high level/fast pace. Not all steps are covered as a basic knowledge is assumed ? Provides a basic overview of the concepts but the focus is on providing the practical skills required to develop applications ? Focuses on providing practical examples Who This Book Is For Web developers have been limited by the Same Origin Policy and often wish they could spread their application across different domains. You know JavaScript and AJAX, and have run up against the Same Domain Policy, which is limiting your applications. What You Will Learn ? Why you need CORS: Bending the Same Origin Policy and basic CORS implementation, headers and XMLHttpRequest ? Creating proxies for CORS: Sometimes the header is not enough ? Security: vulnerabilities and how to secure your CORS application ? CORS implementations in Content Management systems ? Learn about CORS in Windows applications ? Take CORS on the Cloud ? Apply CORS in Node.js ? Best practices for CORS In Detail This book explains how to use CORS, including specific implementations for platforms such as Drupal, WordPress, IIS Server, ASP.NET, JBoss, Windows Azure, and Salesforce, as well as how to use CORS in the Cloud on Amazon AWS, YouTube, Mulesoft, and others. It examines limitations, security risks, and alternatives to CORS. It explores the W3C Specification and major developer documentation sources about CORS. It attempts to predict what kinds of extension to the CORS specification, or completely new techniques, will come in the future to address the limitations of CORS Web developers will learn how to share code and assets across domains with CORS. They will learn a variety of techniques that are rather similar in their method and syntax. The book is organized by similar types of framework and application, so it can be used as a reference. Developers will learn about special cases, such as when a proxy is necessary. And they will learn about some alternative techniques that achieve similar goals, and when they may be preferable to using CORS Style and approach A step-by-step guide filled with real-world applications
目录展开

CORS Essentials

Table of Contents

CORS Essentials

Credits

About the Authors

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Why You Need CORS

The same-origin policy

Considering the origin of entities

Internet Explorer exception policy

Commonly allowed cross-origin resource sharing

DOM elements allowed for cross-origin sharing

Allowing cross-origin sharing in WebSockets

Limited cross-origin JavaScript API access

Permissions required by JavaScript

JavaScript data storage access is strictly limited by origin

How CORS works – the header and the request

The CORS header

Example 1 – CORS request with JavaScript

Passing a request to a utility function

Example 2: the CORS transaction to retrieve the title tag

Distributing DOM elements to multiple domains

Putting it all together

Securing when all domains are whitelisted

Methods to add security when a CORS header whitelists all domains

Simple CORS request methods

CORS with Preflight

Triggering a preflight by setting a custom header

The preflight request

The preflight response

CORS via jQuery

Known issues with CORS preflight

Preflight in Firefox

Preflight in Chrome

Preflight in Internet Explorer

Non-simple CORS request methods and headers require preflight

Checking for the withCredentials property

Troubleshooting and debugging CORS

Browser support for crossorigin attribute in the <script> tag

CORS with jQuery

jQuery CORS AJAX plugin

Enabling CORS globally with server configuration

Alternatives to CORS

Example of JSON-P

Using JSON-P – limitations and risks

Proposed JSON-P validation standard

WebSocket

WebSocket handshakes

WebSocket and cross-domain resource sharing

Risks of using WebSocket for cross-domain resource sharing

The window.postMessage method

postMessage risks and security measures

Summary

2. Creating Proxies for CORS

Proxies and the World Wide Web

What is a proxy server?

Reasons to use a proxy

Avoid mixing up protocols

Some API platforms require proxies or CORS

Getting through a local network firewall

Types of proxy server

Creating a proxy server with Google App Engine

Reverse proxy server

Reverse proxy server with Apache VirtualHost and .htaccess

Reverse proxy server in node.js

Summary

3. Usability and Security

CORS usability

Browser support for CORS

Detecting AJAX support in the browser

Using preflight for non-simple CORS requests

The HTTP request headers

HTTP response headers

Enhancing security in CORS

Limiting access when using the Access-Control-Allow-Origin, * wildcard

Trusting the HTTP_ORIGIN header is not recommended

Requests with credentials

CORS security cheat sheet by OWASP

Summary

4. CORS in Popular Content Management Frameworks

Incoming CORS requests

SAAS or self-hosted?

CORS in WordPress

Limited support for CORS in SAAS WordPress.com

Unauthenticated GET requests to WordPress.com

Authenticated requests to WordPress.com

CORS in self-hosted WordPress

Adding the Access-Control-Allow-Origin header in a template

WordPress plugins for CORS

WP-CORS plugin for WordPress

Allow CORS XML-RPC plugin for WordPress

CORS in Drupal

Enabling CORS in Drupal with custom code

Using the drupal_add_http_header function

Adding CORS support with .htaccess

Adding the CORS headers with custom code

Drupal contributed modules for CORS

Drupal CORS module

Drupal CDN module

Drupal Amazon S3 CORS upload module

CORS in Drupal 8 core

CORS in Joomla!

setHeader in JApplication web

matware-libraries on GitHub

Allowing CORS in the .htaccess file

CORS in Adobe Experience Manager

The com.adobe.cq.social.commons.cors package

Methods in the CORSAuthenticationFilter class

Methods In the CORSConfig class

Methods in the CORSAuthInfoPostProcessor class

Adding CORS headers in Scene 7 with a ruleset

Configuring the Sling Referrer Filter in the CRX Console

Summary

5. CORS in Windows

Incoming CORS requests

How to set the Access-Control-Allow-Origin header globally in Windows IIS Server

Setting CORS headers globally with web.config for IIS7 Server

Setting CORS headers globally with IIS manager for IIS 8.5 and higher

CORS in the ASP.NET Web API

Enabling CORS in the ASP.NET Web API

Installing the Web API Cross-Origin Support Package

Enabling the CorsMessageHandler

The EnableCorsAttribute class sets the CORS policies

Configuring the EnableCors class attributes in the ASP.NET Web API

Example: setting CORS policy for HTTP methods GET, PUT, and POST

Setting CORS policy with wildcards

Example: Setting CORS policy globally with wildcards

Example: Setting a global CORS policy with the WebApiConfig class

Disallowing CORS in classes or methods

Example: Using explicit values for HTTP methods

Example: Using the DisableCors attribute

Dynamic ASP.NET Web API CORS policies

Custom CORS policy attribute classes

Example: A custom CORS policy class

Custom policy provider factory

Registering the DynamicPolicyProviderFactory in WebApiConfig

Example: A custom CORS policy provider factory

Debugging the ASP.NET Web API Cross-Origin support framework

Server-side debugging

Client-side debugging

CORS in Windows Communication Foundation

CORS in Windows browsers – Internet Explorer and Edge

Summary

6. CORS in the Cloud

CORS requests in cloud APIs

CORS in Amazon Simple Storage Service (S3)

Scenarios for needing CORS in Amazon S3

How to enable CORS on an S3 bucket

Elements in an S3 CORSRule

AllowedOrigin element (required)

AllowedMethod element (required)

AllowedHeader element (optional, required for preflight)

MaxAgeSeconds element (optional)

ExposeHeader element (optional)

CORSConfiguration CORSRules with required elements

CORSConfiguration CORSRule with optional elements

How does Amazon S3 evaluate the CORS Configuration on a bucket?

Using CORS in Google Cloud Storage

Configuring CORS on a bucket in Google Cloud Storage

Using gsutil cors set in Google Cloud Storage

Using the XML API in Google Cloud Storage

Getting CORS configuration for a bucket with the XML API

Putting a CORSConfig on a bucket with the XML API

Troubleshooting CORS-related problems in Google Cloud Storage

Problems with headers

Problems with cached preflight requests

Problems with the resumable upload protocol

Authenticated access to Google APIs with CORS

Google API Keys

Adding the Google API client library for JavaScript

The Google API CORS request

Authenticated CORS requests to Google APIs with OAuth

Example using the Authorization request header

Example using the access_token in the URL parameter

CORS in IBM Cloudant

How to GET or PUT a CORS configuration in IBM Cloudant

How to GET a CORS Configuration

Set or Modify a CORS Configuration

Security considerations when CORS in IBM Cloudant

CORS in Windows Azure Storage

CORS usage scenarios for Windows Azure Storage

CORS for Windows Azure Blobs (file uploads)

CORS for Windows Azure Table

Preflight requests in Windows Azure

Code examples for CORS in Windows Azure

Static CORS rules in Windows Azure

Dynamically configuring CORS in Windows Azure

Enabling CORS on a Windows Azure Storage account for the blob (file) service

JavaScript code for uploading an image to a Windows Azure Storage Blob service with CORS in ASP.NET

CORS on a Windows Azure Storage account for the table service

CORS in Box API

CORS in the Dropbox API

Summary

References

7. CORS in Node.js

JavaScript frameworks are very popular

Introduction to Node.js

JavaScript frameworks that work with Node.js

Express.js is a Node.js server framework

AngularJS extends static HTML with dynamic views

Connect.js provides middleware for Node.js requests

Backbone.js often uses a Node.js server

ReactJS handles user interfaces

Socket.IO uses WebSockets for real-time, event-driven applications

Ember.js can use Node.js

CORS in Express.js

CORS npm for Express.js using Connect.js middleware

Configuration options for CORS npm

Code examples for CORS npm

Enable CORS globally for all origins and all routes

Allowing CORS for dynamic origins for a specific route

Enabling CORS preflight

Configuring CORS asynchronously

CORS in AngularJS

Enabling CORS in AngularJS

Making a CORS request in AngularJS

CORS in Backbone.js

Using Backbone.CrossDomain to modify Backbone.sync

How to proxy Backbone.sync for cross-domain requests

jQuery Ajax needs to use the XHR Header

Ember.js also relies on CORS-enabled jQuery AJAX

Socket.IO manages origins for security

Node.js and JavaScript frameworks are evolving rapidly

Summary

References

8. CORS Best Practices

Enabling API to public CORS requests

Limiting API to allow CORS requests to a whitelisted set of origins

Protecting against cross-site request forgery (CSRF)

Minimizing preflight requests

Summary

Index

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部