Recommended
Recommended
More Related Content
Similar to CORS для тестирования и для жизни — Константин Якушев
Similar to CORS для тестирования и для жизни — Константин Якушев (7)
More from Yandex
More from Yandex (20)
CORS для тестирования и для жизни — Константин Якушев
- 1. CORS http://cors.kojo.ru Константин Якушев MoscowJS 14, 28.08.2014
- 7. function Fetch() { var Url = "http://api.ya.ru/"; var xhr = new XMLHttpRequest(); xhr.onreadystatechange = ProcessResponse; xhr.open("GET", Url); xhr.send(null); }
- 8. function Fetch() { var Url = "http://api.ya.ru/"; $.get(Url, ProcessResponse); }
- 18. browser GET /data api.ya.ru without CORS GET /data Origin: http://m.ya.ru XHR m.ya.ru
- 19. browser GET /data api.ya.ru without CORS GET /data Origin: http://m.ya.ru <Content> XHR m.ya.ru
- 20. browser GET /data api.ya.ru without CORS GET /data Origin: http://m.ya.ru <Content> ERROR XHR m.ya.ru
- 22. Access-Control-Allow-Origin: * Access-Control-Allow-Origin: http://ya.ru Access-Control-Allow-Origin: null Access-Control-Allow-Origin: ya.ru, www.ru Access-Control-Allow-Origin: http://*.ya.ru
- 25. browser XHR m.ya.ru GET /data GET /data Origin: http://m.ya.ru api.ya.ru with CORS
- 26. browser XHR m.ya.ru GET /data GET /data Origin: http://m.ya.ru Access-Control-Allow-Origin: * <Content> api.ya.ru with CORS
- 27. browser XHR m.ya.ru GET /data GET /data Origin: http://m.ya.ru Access-Control-Allow-Origin: * <Content> <Content> api.ya.ru with CORS
- 30. browser POST /new OPTIONS /new Origin: http://m.ya.ru Access-Control-Request-Method: POST XHR m.ya.ru api.ya.ru without CORS
- 31. browser POST /new OPTIONS /new Origin: http://m.ya.ru Access-Control-Request-Method: POST o_O XHR m.ya.ru api.ya.ru without CORS
- 32. browser POST /new OPTIONS /new Origin: http://m.ya.ru Access-Control-Request-Method: POST o_O <ERROR> XHR m.ya.ru api.ya.ru without CORS
- 33. Access-Control-Allow-Methods: * Access-Control-Allow-Methods: POST Access-Control-Allow-Methods: DELETE Access-Control-Allow-Methods: POST, PUT Access-Control-Allow-Methods: P*
- 37. browser POST /new OPTIONS /new Origin: http://m.ya.ru Access-Control-Request-Method: POST XHR m.ya.ru api.ya.ru with CORS
- 38. browser POST /new OPTIONS /new Origin: http://m.ya.ru Access-Control-Request-Method: POST Access-Control-Allow-Methods: POST XHR m.ya.ru api.ya.ru with CORS
- 39. browser POST /new OPTIONS /new Origin: http://m.ya.ru Access-Control-Request-Method: POST Access-Control-Allow-Methods: POST POST /new XHR m.ya.ru api.ya.ru with CORS
- 40. browser POST /new OPTIONS /new Origin: http://m.ya.ru Access-Control-Request-Method: POST Access-Control-Allow-Methods: POST POST /new <POST result> XHR m.ya.ru api.ya.ru with CORS
- 41. browser POST /new OPTIONS /new Origin: http://m.ya.ru Access-Control-Request-Method: POST Access-Control-Allow-Methods: POST POST /new <POST result> <POST result> XHR m.ya.ru api.ya.ru with CORS
- 42. Access-Control-Allow-Headers: * Access-Control-Allow-Headers: x-header Access-Control-Allow-Headers: x-smpl Access-Control-Allow-Headers: x-he, x-smpl Access-Control-Allow-Headers: x-*
- 43. Access-Control-Expose-Headers: * Access-Control-Expose-Headers: x-header Access-Control-Expose-Headers: x-smpl Access-Control-Expose-Headers: x-he, x-smpl Access-Control-Expose-Headers: x-*
- 44. function Add() { var Url = "http://api.ya.ru/new"; $.ajax({ url: Url, data: { name:'foo' }, type: 'POST', xhrFields: { withCredentials: true }); }
- 50. 8+ 10+
- 53. <html><head> <script src="http://ya.ru/?script"></script> <link rel="stylesheet" href="http://ya.ru/?css"> </head> <body> <img src="http://ya.ru/?img"> <form action=" http://ya.ru/" method="get"> <input type="text" name="test"> <input type="submit"> </form> </body></html>
- 55. <script type="text/javascript"> function parseQuote(response) {alert(response);} </script> <script type="text/javascript" src="http://api.forismatic.com/api/1.0/?met hod=getQuote&format=jsonp&jsonp=parseQuote" ></script> Response: parseQuote({"quoteText":"Text", "quoteAuthor":"Author"})