SlideShare a Scribd company logo
Breaking The Cross Domain Barrier ,[object Object]
A Story... ,[object Object],[object Object],[object Object]
Same Origin Policy ,[object Object],[object Object]
Same Origin Policy It’s actually an important rule. You wouldn’t want to have this happen:
Same Origin Policy It’s actually an important rule. You wouldn’t want to have this happen:
YEA BUT WHAT IF... ,[object Object],[object Object],[object Object]
The Solution ,[object Object]
THE END. ,[object Object]
<RecordScratch.wav> ,[object Object],[object Object],[object Object]
Some Options ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Post Message ,[object Object],[object Object]
Post Message ,[object Object]
Post Message ,[object Object],[object Object],[object Object],[object Object],What’s it good for?
Post Message Works In... ,[object Object],[object Object],[object Object],[object Object],[object Object]
JSONP ,[object Object]
JSONEN JavaScript Object Notation Except Not **Formerly JSONP
JSON ,[object Object],[object Object],[object Object]
JSONP ,[object Object]
JSONP - Why it’s special ,[object Object],[object Object]
How JSONP Works ,[object Object]
How JSONP Works ,[object Object],hint-hint
How JSONP Works ,[object Object]
JSONP Is Good For... ,[object Object],[object Object],[object Object],[object Object]
CORS | Tap the Rockies ,[object Object]
CORS - HOW?
CORS - HOW? ,[object Object]
CORS - From the Server... ,[object Object],[object Object]
CORS - Compatibility ,[object Object],[object Object],[object Object],[object Object],Unrelated Graph
CORS - What’s it Good For? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Document.domain Hackz ,[object Object],[object Object],[object Object],[object Object]
Window.name HI! I’m Jerry the Window!
Window.name ,[object Object],[object Object],**This is obviously a little simplified Added to Dojo  2 years ago: http://bugs.dojotoolkit.org/ticket/6893
Server Side Proxies ,[object Object],mySite yourSite myServer http://benalman.com/projects/php-simple-proxy/ Works everywhere XHR does
Crazy iFrame Hacks ,[object Object],[object Object],[object Object],FACTS
Crazy iFrame Hacks ,[object Object],a.com b.com a.com
Crazy iFrame Hacks ,[object Object],a.com b.com a.com Change the url hash on the innermost iframe to the message /#secret
Crazy iFrame Hacks ,[object Object],a.com b.com a.com Have the top level frame read the message on the hash /#secret
Crazy iFrame Hacks ,[object Object],[object Object],[object Object],How to know when to receive data Fast (where it works)
Crazy iFrame Hacks ,[object Object],[object Object]
Best of both worlds? ,[object Object],A library that will use postMessage first and then a series of  different techniques based on which browser you use, but with normalized syntax. http://easyxdm.net/
Best of Both Worlds? ,[object Object],http://flxhr.flensed.com/
What about cookies? ,[object Object],[object Object]
What about cookies in Safari? ,[object Object],[object Object]
What about cookies in Safari? If we post to an iframe it will thank us by sending cookies http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/
Why Cookies? ,[object Object],TotallyNotTrackingYou.com Other Sites Holds your unique cookie
Lessons ,[object Object],[object Object],[object Object]
Thanks! ,[object Object],[object Object],[object Object],[object Object],[object Object]

More Related Content

What's hot

ワタシハ Azure Functions チョットデキル
ワタシハ Azure Functions チョットデキルワタシハ Azure Functions チョットデキル
ワタシハ Azure Functions チョットデキル
Tsuyoshi Ushio
 
Introduction to Web Technology Stacks
Introduction to Web Technology StacksIntroduction to Web Technology Stacks
Introduction to Web Technology Stacks
Prakarsh -
 
これから始めるSAPのクラウド化 Azure が選ばれる理由
これから始めるSAPのクラウド化 Azure が選ばれる理由これから始めるSAPのクラウド化 Azure が選ばれる理由
これから始めるSAPのクラウド化 Azure が選ばれる理由
Hitoshi Ikemoto
 
Debianの修正はどのように出荷されるか
Debianの修正はどのように出荷されるかDebianの修正はどのように出荷されるか
Debianの修正はどのように出荷されるか
Hideki Yamane
 
Web App for Containers + Cosmos DBで コンテナ対応したMEANアプリを作ろう!
Web App for Containers + Cosmos DBで コンテナ対応したMEANアプリを作ろう!Web App for Containers + Cosmos DBで コンテナ対応したMEANアプリを作ろう!
Web App for Containers + Cosmos DBで コンテナ対応したMEANアプリを作ろう!
Yoichi Kawasaki
 
plug ins
plug insplug ins
脆弱性スキャナVuls(応用編)
脆弱性スキャナVuls(応用編)脆弱性スキャナVuls(応用編)
脆弱性スキャナVuls(応用編)
Takayuki Ushida
 
IoT 導入を簡単に実現する“つなぐ”技術 ​~デンソーウェーブの IoT製品と Microsoft Azure 連携~
IoT 導入を簡単に実現する“つなぐ”技術 ​~デンソーウェーブの IoT製品と Microsoft Azure 連携~IoT 導入を簡単に実現する“つなぐ”技術 ​~デンソーウェーブの IoT製品と Microsoft Azure 連携~
IoT 導入を簡単に実現する“つなぐ”技術 ​~デンソーウェーブの IoT製品と Microsoft Azure 連携~
IoTビジネス共創ラボ
 
Integrando FreeBSD com Active Directory e OpenLDAP
Integrando FreeBSD com Active Directory e OpenLDAPIntegrando FreeBSD com Active Directory e OpenLDAP
Integrando FreeBSD com Active Directory e OpenLDAP
elliando dias
 
Azure Functions&Logic Appではじめるサーバレスアプリケーション開発 - 入門編 -
Azure Functions&Logic Appではじめるサーバレスアプリケーション開発 - 入門編 -Azure Functions&Logic Appではじめるサーバレスアプリケーション開発 - 入門編 -
Azure Functions&Logic Appではじめるサーバレスアプリケーション開発 - 入門編 -
Yoichi Kawasaki
 
ASP.NET Core 6.0 全新功能探索
ASP.NET Core 6.0 全新功能探索ASP.NET Core 6.0 全新功能探索
ASP.NET Core 6.0 全新功能探索
Will Huang
 
RHEL on Azure、初めの一歩
RHEL on Azure、初めの一歩RHEL on Azure、初めの一歩
RHEL on Azure、初めの一歩
Ryo Fujita
 
コンテナライフサイクルを守るセキュリティソリューション Aqua Cloud Native Security Platform
コンテナライフサイクルを守るセキュリティソリューション Aqua Cloud Native Security Platformコンテナライフサイクルを守るセキュリティソリューション Aqua Cloud Native Security Platform
コンテナライフサイクルを守るセキュリティソリューション Aqua Cloud Native Security Platform
Creationline,inc.
 
BDD: Cucumber + Selenium + Java
BDD: Cucumber + Selenium + JavaBDD: Cucumber + Selenium + Java
BDD: Cucumber + Selenium + Java
Cesar Augusto Nogueira
 
Integration using Apache Camel and Groovy
Integration using Apache Camel and GroovyIntegration using Apache Camel and Groovy
Integration using Apache Camel and Groovy
Claus Ibsen
 
de:code 2019 SE01 Azure Active Directory のログの"みかた“ - 長期保存・外部 SIEM 連携・分析手法 -
de:code 2019 SE01 Azure Active Directory のログの"みかた“- 長期保存・外部 SIEM 連携・分析手法 -de:code 2019 SE01 Azure Active Directory のログの"みかた“- 長期保存・外部 SIEM 連携・分析手法 -
de:code 2019 SE01 Azure Active Directory のログの"みかた“ - 長期保存・外部 SIEM 連携・分析手法 -
Dai Matsui
 
Djangoのエントリポイントとアプリケーションの仕組み
Djangoのエントリポイントとアプリケーションの仕組みDjangoのエントリポイントとアプリケーションの仕組み
Djangoのエントリポイントとアプリケーションの仕組み
Shinya Okano
 
AWS Black Belt Online Seminar 2016 AWS CloudFormation
AWS Black Belt Online Seminar 2016 AWS CloudFormationAWS Black Belt Online Seminar 2016 AWS CloudFormation
AWS Black Belt Online Seminar 2016 AWS CloudFormation
Amazon Web Services Japan
 

What's hot (18)

ワタシハ Azure Functions チョットデキル
ワタシハ Azure Functions チョットデキルワタシハ Azure Functions チョットデキル
ワタシハ Azure Functions チョットデキル
 
Introduction to Web Technology Stacks
Introduction to Web Technology StacksIntroduction to Web Technology Stacks
Introduction to Web Technology Stacks
 
これから始めるSAPのクラウド化 Azure が選ばれる理由
これから始めるSAPのクラウド化 Azure が選ばれる理由これから始めるSAPのクラウド化 Azure が選ばれる理由
これから始めるSAPのクラウド化 Azure が選ばれる理由
 
Debianの修正はどのように出荷されるか
Debianの修正はどのように出荷されるかDebianの修正はどのように出荷されるか
Debianの修正はどのように出荷されるか
 
Web App for Containers + Cosmos DBで コンテナ対応したMEANアプリを作ろう!
Web App for Containers + Cosmos DBで コンテナ対応したMEANアプリを作ろう!Web App for Containers + Cosmos DBで コンテナ対応したMEANアプリを作ろう!
Web App for Containers + Cosmos DBで コンテナ対応したMEANアプリを作ろう!
 
plug ins
plug insplug ins
plug ins
 
脆弱性スキャナVuls(応用編)
脆弱性スキャナVuls(応用編)脆弱性スキャナVuls(応用編)
脆弱性スキャナVuls(応用編)
 
IoT 導入を簡単に実現する“つなぐ”技術 ​~デンソーウェーブの IoT製品と Microsoft Azure 連携~
IoT 導入を簡単に実現する“つなぐ”技術 ​~デンソーウェーブの IoT製品と Microsoft Azure 連携~IoT 導入を簡単に実現する“つなぐ”技術 ​~デンソーウェーブの IoT製品と Microsoft Azure 連携~
IoT 導入を簡単に実現する“つなぐ”技術 ​~デンソーウェーブの IoT製品と Microsoft Azure 連携~
 
Integrando FreeBSD com Active Directory e OpenLDAP
Integrando FreeBSD com Active Directory e OpenLDAPIntegrando FreeBSD com Active Directory e OpenLDAP
Integrando FreeBSD com Active Directory e OpenLDAP
 
Azure Functions&Logic Appではじめるサーバレスアプリケーション開発 - 入門編 -
Azure Functions&Logic Appではじめるサーバレスアプリケーション開発 - 入門編 -Azure Functions&Logic Appではじめるサーバレスアプリケーション開発 - 入門編 -
Azure Functions&Logic Appではじめるサーバレスアプリケーション開発 - 入門編 -
 
ASP.NET Core 6.0 全新功能探索
ASP.NET Core 6.0 全新功能探索ASP.NET Core 6.0 全新功能探索
ASP.NET Core 6.0 全新功能探索
 
RHEL on Azure、初めの一歩
RHEL on Azure、初めの一歩RHEL on Azure、初めの一歩
RHEL on Azure、初めの一歩
 
コンテナライフサイクルを守るセキュリティソリューション Aqua Cloud Native Security Platform
コンテナライフサイクルを守るセキュリティソリューション Aqua Cloud Native Security Platformコンテナライフサイクルを守るセキュリティソリューション Aqua Cloud Native Security Platform
コンテナライフサイクルを守るセキュリティソリューション Aqua Cloud Native Security Platform
 
BDD: Cucumber + Selenium + Java
BDD: Cucumber + Selenium + JavaBDD: Cucumber + Selenium + Java
BDD: Cucumber + Selenium + Java
 
Integration using Apache Camel and Groovy
Integration using Apache Camel and GroovyIntegration using Apache Camel and Groovy
Integration using Apache Camel and Groovy
 
de:code 2019 SE01 Azure Active Directory のログの"みかた“ - 長期保存・外部 SIEM 連携・分析手法 -
de:code 2019 SE01 Azure Active Directory のログの"みかた“- 長期保存・外部 SIEM 連携・分析手法 -de:code 2019 SE01 Azure Active Directory のログの"みかた“- 長期保存・外部 SIEM 連携・分析手法 -
de:code 2019 SE01 Azure Active Directory のログの"みかた“ - 長期保存・外部 SIEM 連携・分析手法 -
 
Djangoのエントリポイントとアプリケーションの仕組み
Djangoのエントリポイントとアプリケーションの仕組みDjangoのエントリポイントとアプリケーションの仕組み
Djangoのエントリポイントとアプリケーションの仕組み
 
AWS Black Belt Online Seminar 2016 AWS CloudFormation
AWS Black Belt Online Seminar 2016 AWS CloudFormationAWS Black Belt Online Seminar 2016 AWS CloudFormation
AWS Black Belt Online Seminar 2016 AWS CloudFormation
 

Viewers also liked

Cross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORSCross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORS
Michael Neale
 
CORS - Enable Alfresco for CORS
CORS - Enable Alfresco for CORSCORS - Enable Alfresco for CORS
CORS - Enable Alfresco for CORS
Jared Ottley
 
Modern iframe programming
Modern iframe programmingModern iframe programming
Modern iframe programming
benvinegar
 
Cross-domain requests with CORS
Cross-domain requests with CORSCross-domain requests with CORS
Cross-domain requests with CORS
Vladimir Dzhuvinov
 
CORS and (in)security
CORS and (in)securityCORS and (in)security
CORS and (in)security
n|u - The Open Security Community
 
Cross Origin Resource Sharing
Cross Origin Resource SharingCross Origin Resource Sharing
Cross Origin Resource Sharing
Luke Weerasooriya
 
Machine Learning
Machine LearningMachine Learning
Machine Learning
Bharat Khatri
 
Stop-Loss - как это работает
Stop-Loss - как это работаетStop-Loss - как это работает
Stop-Loss - как это работает
Sergey Boronin
 
Cross domain knowledge discovery, complex system theory and semantic web
Cross domain knowledge discovery, complex system theory and semantic webCross domain knowledge discovery, complex system theory and semantic web
Cross domain knowledge discovery, complex system theory and semantic web
Andrea Scharnhorst
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hacking
Blueinfy Solutions
 
Google guava - almost everything you need to know
Google guava - almost everything you need to knowGoogle guava - almost everything you need to know
Google guava - almost everything you need to know
Tomasz Dziurko
 
Cookie testing
Cookie testingCookie testing
Cookie testing
BugRaptors
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the masses
Michele Orru
 
iOS WebView App
iOS WebView AppiOS WebView App
iOS WebView App
hagino 3000
 
Integral Ad Science Viewability Presentation
Integral Ad Science Viewability PresentationIntegral Ad Science Viewability Presentation
Integral Ad Science Viewability Presentation
Integral Ad Science
 
JavaScript Avanzado
JavaScript AvanzadoJavaScript Avanzado
JavaScript Avanzado
Adolfo Sanz De Diego
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Alvaro Sanchez-Mariscal
 
(Не)безопасный frontend
(Не)безопасный frontend(Не)безопасный frontend
(Не)безопасный frontend
Sergey Belov
 
Y Combinator Startup Class #1 : Ideas, Products, Teams and Execution (Part 1)
Y Combinator Startup Class #1 : Ideas, Products, Teams and Execution (Part 1)Y Combinator Startup Class #1 : Ideas, Products, Teams and Execution (Part 1)
Y Combinator Startup Class #1 : Ideas, Products, Teams and Execution (Part 1)
Fabien Grenet
 
How to start a Startup - Sam Altman
How to start a Startup - Sam AltmanHow to start a Startup - Sam Altman
How to start a Startup - Sam Altman
Mads Holmen
 

Viewers also liked (20)

Cross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORSCross site calls with javascript - the right way with CORS
Cross site calls with javascript - the right way with CORS
 
CORS - Enable Alfresco for CORS
CORS - Enable Alfresco for CORSCORS - Enable Alfresco for CORS
CORS - Enable Alfresco for CORS
 
Modern iframe programming
Modern iframe programmingModern iframe programming
Modern iframe programming
 
Cross-domain requests with CORS
Cross-domain requests with CORSCross-domain requests with CORS
Cross-domain requests with CORS
 
CORS and (in)security
CORS and (in)securityCORS and (in)security
CORS and (in)security
 
Cross Origin Resource Sharing
Cross Origin Resource SharingCross Origin Resource Sharing
Cross Origin Resource Sharing
 
Machine Learning
Machine LearningMachine Learning
Machine Learning
 
Stop-Loss - как это работает
Stop-Loss - как это работаетStop-Loss - как это работает
Stop-Loss - как это работает
 
Cross domain knowledge discovery, complex system theory and semantic web
Cross domain knowledge discovery, complex system theory and semantic webCross domain knowledge discovery, complex system theory and semantic web
Cross domain knowledge discovery, complex system theory and semantic web
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hacking
 
Google guava - almost everything you need to know
Google guava - almost everything you need to knowGoogle guava - almost everything you need to know
Google guava - almost everything you need to know
 
Cookie testing
Cookie testingCookie testing
Cookie testing
 
When you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the massesWhen you don't have 0days: client-side exploitation for the masses
When you don't have 0days: client-side exploitation for the masses
 
iOS WebView App
iOS WebView AppiOS WebView App
iOS WebView App
 
Integral Ad Science Viewability Presentation
Integral Ad Science Viewability PresentationIntegral Ad Science Viewability Presentation
Integral Ad Science Viewability Presentation
 
JavaScript Avanzado
JavaScript AvanzadoJavaScript Avanzado
JavaScript Avanzado
 
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015Stateless authentication with OAuth 2 and JWT - JavaZone 2015
Stateless authentication with OAuth 2 and JWT - JavaZone 2015
 
(Не)безопасный frontend
(Не)безопасный frontend(Не)безопасный frontend
(Не)безопасный frontend
 
Y Combinator Startup Class #1 : Ideas, Products, Teams and Execution (Part 1)
Y Combinator Startup Class #1 : Ideas, Products, Teams and Execution (Part 1)Y Combinator Startup Class #1 : Ideas, Products, Teams and Execution (Part 1)
Y Combinator Startup Class #1 : Ideas, Products, Teams and Execution (Part 1)
 
How to start a Startup - Sam Altman
How to start a Startup - Sam AltmanHow to start a Startup - Sam Altman
How to start a Startup - Sam Altman
 

Similar to Breaking The Cross Domain Barrier

Design Reviewing The Web
Design Reviewing The WebDesign Reviewing The Web
Design Reviewing The Web
amiable_indian
 
Dmk Bo2 K7 Web
Dmk Bo2 K7 WebDmk Bo2 K7 Web
Dmk Bo2 K7 Web
royans
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakes
kuza55
 
Browser Internals-Same Origin Policy
Browser Internals-Same Origin PolicyBrowser Internals-Same Origin Policy
Browser Internals-Same Origin Policy
Krishna T
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakes
guest2821a2
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs too
Nahidul Kibria
 
How To Be A Hacker
How To Be A HackerHow To Be A Hacker
How To Be A Hacker
Paul Tarjan
 
XSS Without Browser
XSS Without BrowserXSS Without Browser
XSS Without Browser
kosborn
 
Real-Time with Flowdock
Real-Time with FlowdockReal-Time with Flowdock
Real-Time with Flowdock
Flowdock
 
Browser Horror Stories
Browser Horror StoriesBrowser Horror Stories
Browser Horror Stories
EC-Council
 
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR  - owning the clout through ssrf and pdf generatorsDEF CON 27 - BEN SADEGHIPOUR  - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
Felipe Prado
 
Bringing The Sexy Back To WebWorkers
Bringing The Sexy Back To WebWorkersBringing The Sexy Back To WebWorkers
Bringing The Sexy Back To WebWorkers
Corey Clark, Ph.D.
 
Jinx - Malware 2.0
Jinx - Malware 2.0Jinx - Malware 2.0
Jinx - Malware 2.0
Itzik Kotler
 
Transforming WebSockets
Transforming WebSocketsTransforming WebSockets
Transforming WebSockets
Arnout Kazemier
 
Building Desktop RIAs with JavaScript and PHP - ZendCon09
Building Desktop RIAs with JavaScript and PHP - ZendCon09Building Desktop RIAs with JavaScript and PHP - ZendCon09
Building Desktop RIAs with JavaScript and PHP - ZendCon09
funkatron
 
Web technologies lesson 1
Web technologies   lesson 1Web technologies   lesson 1
Web technologies lesson 1
nhepner
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orru
Michele Orru
 
Douglas - Real JavaScript
Douglas - Real JavaScriptDouglas - Real JavaScript
Douglas - Real JavaScript
d0nn9n
 
Intro to advanced web development
Intro to advanced web developmentIntro to advanced web development
Intro to advanced web development
Stevie T
 
All of Javascript
All of JavascriptAll of Javascript
All of Javascript
Togakangaroo
 

Similar to Breaking The Cross Domain Barrier (20)

Design Reviewing The Web
Design Reviewing The WebDesign Reviewing The Web
Design Reviewing The Web
 
Dmk Bo2 K7 Web
Dmk Bo2 K7 WebDmk Bo2 K7 Web
Dmk Bo2 K7 Web
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakes
 
Browser Internals-Same Origin Policy
Browser Internals-Same Origin PolicyBrowser Internals-Same Origin Policy
Browser Internals-Same Origin Policy
 
Web Browsers And Other Mistakes
Web Browsers And Other MistakesWeb Browsers And Other Mistakes
Web Browsers And Other Mistakes
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs too
 
How To Be A Hacker
How To Be A HackerHow To Be A Hacker
How To Be A Hacker
 
XSS Without Browser
XSS Without BrowserXSS Without Browser
XSS Without Browser
 
Real-Time with Flowdock
Real-Time with FlowdockReal-Time with Flowdock
Real-Time with Flowdock
 
Browser Horror Stories
Browser Horror StoriesBrowser Horror Stories
Browser Horror Stories
 
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR  - owning the clout through ssrf and pdf generatorsDEF CON 27 - BEN SADEGHIPOUR  - owning the clout through ssrf and pdf generators
DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators
 
Bringing The Sexy Back To WebWorkers
Bringing The Sexy Back To WebWorkersBringing The Sexy Back To WebWorkers
Bringing The Sexy Back To WebWorkers
 
Jinx - Malware 2.0
Jinx - Malware 2.0Jinx - Malware 2.0
Jinx - Malware 2.0
 
Transforming WebSockets
Transforming WebSocketsTransforming WebSockets
Transforming WebSockets
 
Building Desktop RIAs with JavaScript and PHP - ZendCon09
Building Desktop RIAs with JavaScript and PHP - ZendCon09Building Desktop RIAs with JavaScript and PHP - ZendCon09
Building Desktop RIAs with JavaScript and PHP - ZendCon09
 
Web technologies lesson 1
Web technologies   lesson 1Web technologies   lesson 1
Web technologies lesson 1
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orru
 
Douglas - Real JavaScript
Douglas - Real JavaScriptDouglas - Real JavaScript
Douglas - Real JavaScript
 
Intro to advanced web development
Intro to advanced web developmentIntro to advanced web development
Intro to advanced web development
 
All of Javascript
All of JavascriptAll of Javascript
All of Javascript
 

Recently uploaded

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 

Recently uploaded (20)

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 

Breaking The Cross Domain Barrier

  • 1.
  • 2.
  • 3.
  • 4. Same Origin Policy It’s actually an important rule. You wouldn’t want to have this happen:
  • 5. Same Origin Policy It’s actually an important rule. You wouldn’t want to have this happen:
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. JSONEN JavaScript Object Notation Except Not **Formerly JSONP
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31. Window.name HI! I’m Jerry the Window!
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44. What about cookies in Safari? If we post to an iframe it will thank us by sending cookies http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/
  • 45.
  • 46.
  • 47.