
CORS CSP Tips

billfeller opened this issue 8 years ago • 0 comments

In CORS (Cross-Origin Resource Sharing), when a web application (the origin) requests cross-domain resources, the cross-domain server must respond with an Access-Control-Allow-Origin header to authorise that web application to use its services. CORS does not control which external services the web application itself accesses.

However, CSP (Content Security Policy) is set by the origin server through the Content-Security-Policy header to declare the approved origins of content that browsers should be allowed to load on that website. Covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets and ActiveX, audio and video files, and other HTML5 features.
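The two controls side by side, as an added example that is not part of the original issue: the resource server's CORS decision (an exact-match allowlist, never an echoed Origin) and the page origin's CSP, with a simplified source matcher for one directive. Hostnames and the policy are constructed sample values.

```python
"""Added example, not from the original issue: CORS and CSP side by side.
CORS is enforced via Access-Control-Allow-Origin sent by the cross-domain
*resource* server; CSP via Content-Security-Policy sent by the *page's own*
origin server and enforced in the browser. Hostnames are constructed samples.
"""
from urllib.parse import urlsplit

# CORS side: the resource server decides which web origins may read its responses.
CORS_ALLOWLIST = {"https://app.example.com"}  # constructed


def cors_response_headers(request_origin, allowlist=CORS_ALLOWLIST, credentials=False):
    """Return CORS headers for a request from `request_origin`, or {} to deny.
    The Origin value is matched exactly against the allowlist; echoing it
    back unchecked would grant every site access to the resource."""
    if request_origin not in allowlist:
        return {}
    headers = {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    if credentials:  # '*' is invalid with credentials, so the exact origin is echoed
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


# CSP side: the page's origin declares where the browser may load content from.
def build_csp(directives):
    """Serialise {directive: [sources]} into a Content-Security-Policy header value."""
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in directives.items())


def csp_allows(directives, directive, url, page_origin):
    """Simplified CSP source matching for one URL (no ports, paths or nonces).
    Supports 'self', 'none', exact origins and scheme://*.host wildcards, and
    falls back to default-src when the directive is absent, as CSP does."""
    sources = directives.get(directive) or directives.get("default-src")
    if sources is None:  # neither listed: CSP places no restriction on this type
        return True
    parts = urlsplit(url)
    url_origin = f"{parts.scheme}://{parts.hostname}"
    for src in sources:
        if src == "'none'":
            return False
        if src == "'self'" and url_origin == page_origin:
            return True
        if "://*." in src:
            scheme, suffix = src.split("://*.", 1)
            if parts.scheme == scheme and parts.hostname.endswith("." + suffix):
                return True
        elif src == url_origin:
            return True
    return False
```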

[Image: CORS flow]

Read More

  1. CSP (Content Security Policy)
  2. CORS (Cross-Origin Resource Sharing)

billfeller, Aug 24 '16 03:08