CORS in Action [Paperback]

  • Format: Paperback / softback, 300 pages, height x width x thickness: 190x235x13 mm, weight: 422 g
  • Publication date: 30-Oct-2014
  • Publisher: Manning Publications
  • ISBN-10: 161729182X
  • ISBN-13: 9781617291821
  • Price: 51,84 €*
  • * we will send you an offer for a used copy, the price of which may differ from the price shown on the website
  • This book is out of print, but we will send you an offer for a used copy.

Summary

CORS in Action introduces Cross-Origin Resource Sharing (CORS) from both the server and the client perspective. It starts with the basics: how to make CORS requests and how to implement CORS on the server. It then explores key details such as performance, debugging, and security. API authors will learn how CORS opens their APIs to a wider range of users. JavaScript developers will find valuable techniques for building rich web apps that can take advantage of APIs hosted anywhere. The techniques described in this book are especially applicable to mobile environments, where browsers are guaranteed to support CORS.

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

About the Book

Suppose you need to share some JSON data with another application or service. If everything is hosted on one domain, it's a snap. But if the data is on another domain, the browser's "same-origin" policy stops you cold. CORS is a new web standard that enables safe cross-domain access without complex server-side code. Mastering CORS makes it possible for web and mobile applications to share data simply and securely.

CORS in Action introduces CORS from both the server and the client perspective. It starts with making and enabling CORS requests and then explores performance, debugging, and security. You'll learn to build apps that can take advantage of APIs hosted anywhere and how to write APIs that expand your products to a wider range of users.

For web developers comfortable with JavaScript. No experience with CORS is assumed.

What's Inside

  • CORS from the ground up
  • Serving and consuming cross-domain data
  • Best practices for building CORS APIs
  • When to use CORS alternatives like JSON-P and proxies

About the Author

Monsur Hossain is an engineer at Google who has worked on API-related projects such as the Google JavaScript Client, the APIs Discovery Service, and CORS support for Google APIs.

Table of Contents

    PART 1 INTRODUCING CORS
  1. The Core of CORS
  2. Making CORS requests
    PART 2 CORS ON THE SERVER
  3. Handling CORS requests
  4. Handling preflight requests
  5. Cookies and response headers
  6. Best practices
    PART 3 DEBUGGING CORS REQUESTS
  7. Debugging CORS requests
    APPENDIXES
  A. CORS reference
  B. Configuring your environment
  C. What is CSRF?
  D. Other cross-origin techniques

Foreword
Preface
Acknowledgments
About This Book
Author Online
About The Author
About The Cover Illustration
Part 1 Introducing CORS
1 The Core of CORS
    1.1 What is CORS?
    1.2 CORS by example
        Setting up the request
        Sending the request
        Processing the response
    1.3 Benefits of CORS
        Wider audience
        Servers stay in charge
        Flexibility
        Easy for developers
        Reduced maintenance overhead
    1.4 Summary
2 Making CORS requests
    2.1 What is a cross-origin request?
    2.2 Browser support for CORS
    2.3 Using the XMLHttpRequest object
        Sending an HTTP request
        Handling the HTTP response
        Including cookies on cross-origin requests
    2.4 XDomainRequest object in Internet Explorer 8 and 9
        Differences between XDomainRequest and XMLHttpRequest
    2.5 Canvas and cross-origin images
    2.6 CORS requests from jQuery
    2.7 Summary
Part 2 CORS On The Server
3 Handling CORS requests
    3.1 Setting up the sample code
        Setting up the sample API
        Setting up the sample client
        Running the sample app
    3.2 Making a CORS request
    3.3 Anatomy of a CORS request
        The players in a CORS request
        Lifecycle of a CORS request
    3.4 Making a request with the Origin header
        Viewing the Origin header
        What is an origin?
        Setting the Origin header
    3.5 Responding to a CORS request
        The Access-Control-Allow-Origin header
        Access-Control-Allow-Origin with a wildcard (*) value
        Access-Control-Allow-Origin with an origin value
        Rejecting CORS requests
    3.6 Summary
4 Handling preflight requests
    4.1 What is a preflight request?
        Lifecycle of a preflight request
        Why does the preflight request exist?
    4.2 Triggering a preflight request
        When is a preflight request sent?
    4.3 Identifying a preflight request
        Origin header
        HTTP OPTIONS method
        Access-Control-Request-Method header
        Putting it all together
    4.4 Responding to a preflight request
        Supporting HTTP methods with Access-Control-Allow-Methods
        Supporting request headers with Access-Control-Allow-Headers
        Sending the actual request
        Rejecting a preflight request
    4.5 Recapping preflights
    4.6 Preflight result cache
    4.7 Summary
5 Cookies and response headers
    5.1 Supporting cookies in CORS requests
        Setting cookies with a login page
        Reading the cookie on the server
        Including cookies in CORS requests
        How withCredentials and Access-Control-Allow-Credentials interact
        Caveats to cookie support
    5.2 Exposing response headers to the client
        Reading a response header
        Adding response header support
    5.3 Summary
6 Best practices
    6.1 Refactoring the sample code
    6.2 Before you begin
    6.3 Setting the Access-Control-Allow-Origin header
        Allowing cross-origin access for everyone
        Limiting CORS requests to a set of origins
        CORS and proxy servers
        Null origin
        Origin header on same-origin requests
    6.4 Security
        Including cookies on requests
        Authorizing requests using OAuth2
    6.5 Handling preflight requests
        Whitelisting request methods and headers
    6.6 Reducing preflight requests
        Maximizing the preflight cache
        Changing your site to reduce preflight requests
    6.7 Exposing response headers
    6.8 CORS and redirects
    6.9 Summary
Part 3 Debugging CORS Requests
7 Debugging CORS requests
    7.1 Solving CORS errors
    7.2 Using the browser's developer tools
        Using the console
        Using the Network tab
    7.3 Monitoring network traffic
        Using Wireshark
        Using Fiddler
    7.4 Using curl to simulate CORS requests
        Making CORS requests using curl
        Making preflight requests using curl
        Why use curl?
    7.5 Sending requests using test-cors.org
        Sending requests to a remote server
        Sending requests to the local server
        Understanding how the client works
    7.6 Tips for mobile debugging
        Log requests on the server
        Use test-cors.org
        Use remote debugging tools
        Use a mobile simulator
    7.7 Getting help
    7.8 Summary
Appendixes
A CORS reference
    A.1 HTTP headers
        Request headers
        Response headers
    A.2 Other terms used in CORS
        Simple method
        Simple header
        Simple response header
B Configuring your environment
    B.1 Setting up for the sample application
        Node.js and NPM
        Express
    B.2 Debugging tools
        Wireshark
        Fiddler
        Curl
    B.3 Resources
C What is CSRF?
    C.1 What is CSRF?
    C.2 Implementing CSRF protection for same-origin requests
D Other cross-origin techniques
    D.1 JSONP
    D.2 Flash
    D.3 postMessage and easyXDM
    D.4 Server-side request
Index

AUTHOR BIO

Monsur Hossain is a Software Engineer for Google, where he has worked on API-related projects such as the Google JavaScript Client, the APIs Discovery Service, and CORS support for Google APIs. He maintains the site enable-cors.org.