Talking to Browsers with CORS
Breaking the single origin policy
Author:
Michael Krotscheck
krotscheck
http://www.krotscheck.net
Source:
https://github.com/krotscheck/presentations
License:
Creative Commons Attribution 4.0 International
Topics Covered
Single Origin Policy
Security Concerns
Web Application Design Patterns
All-in-one
API + UI
API(s) + UI + UI-Server
CORS
CORS Preflight request
CORS Preflight response
CORS Http Request
CORS Http Response
Implementing CORS
Apache 2
mod_headers
Nginx
add_headers
Python WSGI
mod_headers
Apache2: mod_headers
Nginx: add_headers
Python: Middleware
mod_headers
CORS via WSGI
oslo_middleware
other middleware