CORS in Action introduces Cross-Origin Resource Sharing (CORS) from both the server and the client perspective. It starts with the basics: how to make CORS requests and how to implement CORS on the server. It then explores key details such as performance, debugging, and security. API authors will learn how CORS opens their APIs to a wider range of users. JavaScript developers will find valuable techniques for building rich web apps that can take advantage of APIs hosted anywhere. The techniques described in this book are especially applicable to mobile environments, where browsers are guaranteed to support CORS.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the Book
Suppose you need to share some JSON data with another application or service. If everything is hosted on one domain, it's a snap. But if the data is on another domain, the browser's "same-origin" policy stops you cold. CORS is a new web standard that enables safe cross-domain access without complex server-side code. Mastering CORS makes it possible for web and mobile applications to share data simply and securely.
CORS in Action introduces CORS from both the server and the client perspective. It starts with making and enabling CORS requests and then explores performance, debugging, and security. You'll learn to build apps that can take advantage of APIs hosted anywhere and how to write APIs that expand your products to a wider range of users.
For web developers comfortable with JavaScript. No experience with CORS is assumed.
What's Inside
CORS from the ground up
Serving and consuming cross-domain data
Best practices for building CORS APIs
When to use CORS alternatives like JSON-P and proxies
About the Author
Monsur Hossain is an engineer at Google who has worked on API-related projects such as the Google JavaScript Client, the APIs Discovery Service, and CORS support for Google APIs.
Table of Contents
PART 1 INTRODUCING CORS
The Core of CORS
Making CORS requests
PART 2 CORS ON THE SERVER
Handling CORS requests
Handling preflight requests
Cookies and response headers
Best practices
PART 3 DEBUGGING CORS REQUESTS
Debugging CORS requests
APPENDIXES
CORS reference
Configuring your environment
What is CSRF?
Other cross-origin techniques
About the Author
Monsur Hossain is a Software Engineer for Google, where he has worked on API-related projects such as the Google JavaScript Client, the APIs Discovery Service, and CORS-support for Google APIs. He maintains the site enable-cors.org.
Description:
Summary
CORS in Action introduces Cross-Origin Resource Sharing (CORS) from both the server and the client perspective. It starts with the basics: how to make CORS requests and how to implement CORS on the server. It then explores key details such as performance, debugging, and security. API authors will learn how CORS opens their APIs to a wider range of users. JavaScript developers will find valuable techniques for building rich web apps that can take advantage of APIs hosted anywhere. The techniques described in this book are especially applicable to mobile environments, where browsers are guaranteed to support CORS.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the Book
Suppose you need to share some JSON data with another application or service. If everything is hosted on one domain, it's a snap. But if the data is on another domain, the browser's "same-origin" policy stops you cold. CORS is a new web standard that enables safe cross-domain access without complex server-side code. Mastering CORS makes it possible for web and mobile applications to share data simply and securely.
CORS in Action introduces CORS from both the server and the client perspective. It starts with making and enabling CORS requests and then explores performance, debugging, and security. You'll learn to build apps that can take advantage of APIs hosted anywhere and how to write APIs that expand your products to a wider range of users.
For web developers comfortable with JavaScript. No experience with CORS is assumed.
What's Inside
About the Author
Monsur Hossain is an engineer at Google who has worked on API-related projects such as the Google JavaScript Client, the APIs Discovery Service, and CORS support for Google APIs.
Table of Contents
APPENDIXES
About the Author
Monsur Hossain is a Software Engineer for Google, where he has worked on API-related projects such as the Google JavaScript Client, the APIs Discovery Service, and CORS-support for Google APIs. He maintains the site enable-cors.org.