HTML CORS - Lior Rotkovitch
1. BIG-IP V11.4 ASM TRAINING:
HTML 5 – CORS
Created by Lior Rotkovitch
ASM - New Product Introduction
December 2013
2. What is CORS?
• Cross-Origin Resource Sharing
• enables one website to access the resources of another
website using JavaScript
• part of the HTML5 related specifications
3. • CORS defines how to authorize an application from a
foreign origin, executing in the browser, to access the HTTP
response of a resource from another origin
[Diagram: the JavaScript from domain.com sends a preflight CORS request
to learn which permissions are allowed to be accessed at web site B;
web site A sends the response to the browser.]
4. If CORS is configured at example.com, it sends the user's
browser the attributes of how a request is allowed to access
example.com from the browser when communicating with
domain.com
5. CORS Request headers
• Related headers that are included in a preflight request:
• Origin – Determines the requesting origin
• Access-Control-Request-Method – tells the server which
methods will be used in the actual request in addition to
GET, POST and HEAD
• Access-Control-Request-Headers – tells the server which
methods will be used in the actual request in addition to
GET, POST and HEAD
6. CORS response headers
• Access-Control-Allow-Origin – List of origins the resource
may be shared among (supports wildcard)
• Access-Control-Allow-Credentials – Indicates whether actual
request may include user credentials (true/false)
• Access-Control-Allow-Methods - Indicates which methods
can be used during the actual request
• Access-Control-Allow-Headers - Indicates which request
headers can be used during the actual request
• Access-Control-Max-Age – Indicates how long (in seconds)
the results of a preflight request may be cached in the browser
• Access-Control-Expose-Headers – Indicates which response
headers are safe to expose to JavaScript
7. ASM CORS
• CORS should be enabled on the server to which the JS will
send a request.
• ASM provides a GUI to enforce CORS in case CORS is
not configured (but is enabled) or to override the server's
CORS definitions.
• ASM CORS enforcement can be defined on a URL
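
An added example, not from the original slides and not ASM's own logic: a JavaScript function that evaluates a preflight request against a per-URL CORS policy and builds the response headers listed in slide 6. The policy object, the /api/orders path and the origins are constructed for illustration.

```javascript
// Added example: evaluate a CORS preflight (OPTIONS) against a per-URL policy.
// POLICY, the URL path and the origins are constructed sample values.
const POLICY = {
  "/api/orders": {
    allowOrigins: ["https://domain.com"],   // explicit list, no wildcard
    allowMethods: ["GET", "POST", "PUT"],
    allowHeaders: ["content-type", "x-requested-with"],
    allowCredentials: true,
    maxAge: 600,                            // seconds the browser may cache the result
  },
};

// Header names are case-insensitive, so normalise them before lookup.
function lower(h) {
  const out = {};
  for (const [k, v] of Object.entries(h)) out[k.toLowerCase()] = String(v);
  return out;
}

// Returns { allowed, reason, headers } for a preflight sent to `path`.
function evaluatePreflight(path, requestHeaders, policy = POLICY) {
  const p = policy[path];
  const h = lower(requestHeaders);
  const deny = (reason) => ({ allowed: false, reason, headers: {} });
  if (!p) return deny("no CORS policy for URL");
  const origin = h["origin"];
  if (!origin) return deny("missing Origin");
  const wildcard = p.allowOrigins.includes("*");
  // Browsers reject "*" together with credentials; treat it as a policy error.
  if (wildcard && p.allowCredentials) return deny("wildcard origin with credentials");
  // Exact string match only: no suffix or substring matching on the origin.
  if (!wildcard && !p.allowOrigins.includes(origin)) return deny("origin not allowed");
  const method = (h["access-control-request-method"] || "").toUpperCase();
  if (!p.allowMethods.includes(method)) return deny("method not allowed");
  const asked = (h["access-control-request-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const bad = asked.filter((x) => !p.allowHeaders.includes(x));
  if (bad.length) return deny("header not allowed: " + bad.join(", "));
  const headers = {
    "Access-Control-Allow-Origin": wildcard ? "*" : origin,
    "Access-Control-Allow-Methods": p.allowMethods.join(", "),
    "Access-Control-Allow-Headers": p.allowHeaders.join(", "),
    "Access-Control-Max-Age": String(p.maxAge),
    "Vary": "Origin",                       // response differs per requesting origin
  };
  if (p.allowCredentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { allowed: true, reason: "ok", headers };
}
```

Echoing the matched origin back, rather than a wildcard, is what allows Access-Control-Allow-Credentials to be sent as true.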