《CORS in Action》简介:

CORS in Action introduces Cross-Origin Resource Sharing (CORS) from both the server and the client perspective. It starts with the basics: how to make CORS requests and how to implement CORS on the server. It then explores key details such as performance, debugging, and security. API authors will learn how CORS opens their APIs to a wider range of users. JavaScript developers will find valuable techniques for building rich web apps that can take advantage of APIs hosted anywhere. The techniques described in this book are especially applicable to mobile environments, where browsers are guaranteed to support CORS.

《CORS in Action》目录:

foreword
preface
acknowledgments
about this book
author online
about the author
about the cover illustration
Part 1 Introducing CORS
Chapter 1 The Core of CORS
What is CORS?
CORS by example
Benefits of CORS
Summary
Chapter 2 Making CORS requests
What is a cross-origin request?
Browser support for CORS
Using the XMLHttpRequest object
XDomainRequest object in Internet Explorer 8 and 9
Canvas and cross-origin images
CORS requests from jQuery
Summary
Part 2 CORS on the server
Chapter 3 Handling CORS requests
Setting up the sample code
Making a CORS request
Anatomy of a CORS request
Making a request with the Origin header
Responding to a CORS request
Summary
Chapter 4 Handling preflight requests
What is a preflight request?
Triggering a preflight request
Identifying a preflight request
Responding to a preflight request
Recapping preflights
Preflight result cache
Summary
Chapter 5 Cookies and response headers
Supporting cookies in CORS requests
Exposing response headers to the client
Summary
Chapter 6 Best practices
Refactoring the sample code
Before you begin
Setting the Access-Control-Allow-Origin header
Security
Handling preflight requests
Reducing preflight requests
Exposing response headers
CORS and redirects
Summary
Part 3 Debugging CORS requests
Chapter 7 Debugging CORS requests
Solving CORS errors
Using the browser’s developer tools
Monitoring network traffic
Using curl to simulate CORS requests
Sending requests using test-cors.org
Tips for mobile debugging
Getting help
Summary
Appendixes
appendix A CORS reference
HTTP headers
Other terms used in CORS
appendix B Configuring your environment
Setting up for the sample application
Debugging tools
Resources
appendix C What is CSRF?
What is CSRF?
Implementing CSRF protection for same-origin requests
appendix D Other cross-origin techniques
JSONP
Flash
postMessage and easyXDM
Server-side request
index
· · · · · ·