Using CORS

Introduction

APIs are the threads that let you stitch together a rich web experience. But this experience has a hard time translating to the browser, where the options for cross-domain requests are limited to techniques like JSON-P (which has limited use due to security concerns) or setting up a custom proxy (which can be a pain to set up and maintain). Cross-Origin Resource Sharing (CORS) is a W3C spec that allows cross-domain communication from the browser. By building on top of the XMLHttpRequest object, CORS allows developers to work with the same idioms as same-domain requests. The use-case for CORS is simple. As you can see from this example, CORS support requires coordination between both the server and client.

Making a CORS Request

This section shows how to make a cross-domain request in JavaScript.

Creating the XMLHttpRequest object

CORS is supported in the following browsers: Chrome 3+, Firefox 3.5+, Opera 12+, Safari 4+, Internet Explorer 8+ (see the complete list of supported browsers at

Related: OWIN and Katana, Tech Stuff, Web Dev Tools

Using CORS in ASP.NET WebAPI Without Being a Rocket Scientist If you have done any extensive work with AJAX calls, then the odds are that you have run into an unfriendly (only for security purposes) mechanism that will grind your request to a halt, and its name is CORS (Cross Origin Resource Sharing). Most commonly this will occur when you are attempting to pull data from a source other than where the request originated from (which raises flags in the security department), although the requests may often be legitimate. This article will discuss the steps necessary to implement and enhance CORS support within ASP.NET WebAPI, allowing you to handle CORS requests at a Global, Controller, or Action level to provide more flexibility when working with possible cross-origin requests.

Five Ways to Reset a Lost Administrator Password Several years ago, I was helping a client upgrade her Mac running Mac OS X 10.5 Leopard, but she couldn’t remember her administrator password. Because she also couldn’t find the original system CDs that shipped with her iMac, I had to resort to some advanced techniques few home users would ever be able to figure out. Starting with 10.7 Lion, you could still call on all those options, but Apple added a method so easy that even an inexperienced user can do it — the Apple ID-based password reset. Let’s explore all the options to reset a password.

20 Useful Docs and Guides for Front-End Developers I come across so many interesting info-apps and documents in my daily research, so I thought I’d provide a list of those here. True, not everyone likes the “list post” or roundup, but hey, we can’t please everyone. And we don’t do these types of posts too often anyhow. In this case, this is a great way to bookmark a few things maybe for some evening or weekend reading. I guarantee you’ll find at least a few links in here that you’ll want to come back to.

AngularJS, Jersey, JSP and Java EE 6 » Imifos' Lucubratory The “topro” project (short for “topic proposer”, sorry I wasn’t very inspired on this) is a test that I made to play around with AngularJS. Unlike a lot of AngularJS examples on the net, the project implements the entire chain: AngularJS on the browser side, REST to communicate with the application server, JAX-RS/Jersey as server-side REST implementation, JSP as templating system of the server-side front-end, Java EE 6 for server-side back-end. The project demonstrates many different things, some of them enumerated hereunder. The choice of using JSP technology for templating may seem strange at first sight.

Cross-domain Ajax with Cross-Origin Resource Sharing A couple of years ago, web developers were banging their heads against the first wall in Ajax: the same-origin policy. While we marveled at the giant step forward enabled by cross-browser support for the XMLHttpRequest object, we quickly bemoaned the fact that there was no way to make a request to a different domain from JavaScript. Everyone set up proxies on their web sites, which was the onset of a new host of open redirect problems, as a way to get around the restriction. Although developers were working around this limitation using server-side proxies as well as other techniques, the community outcry was around allowing native cross-domain Ajax requests. A lot of people are unaware that almost all browsers (Internet Explorer 8+, Firefox 3.5+, Safari 4+, and Chrome) presently support cross-domain Ajax via a protocol called Cross-Origin Resource Sharing.

Server Side Cheaters Brett Terpstra rolled out Cheaters a while ago. If you are unfamiliar, it is a system for viewing your own custom cheat sheets on the Mac. His version is very attractive and highly functional but requires a Mac to view and a method of creating HTML tables. Of course, I like to make things difficult. I want my cheat sheets available to me when I'm away from my Mac, so that means Cheaters will not work for me.

10 HTML Tags You Might Not Be Using As a front-end developer you no doubt use HTML constantly and probably feel it doesn’t have any more unknowns. Nevertheless, the way it has evolved (in particular with the advent of HTML5) may surprise you at times. In this article, I’ll show you 10 HTML tags you may not be using or maybe even aren’t yet aware of that help to increase the semantics and maintainability of your web pages.

NodeCellar: Sample Application with Backbone.js, Twitter Bootstrap, Node.js, Express, and MongoDB In my previous post, I shared my recent experience building a RESTful API with Node.js, MongoDB, and Express. In this post, I’m sharing the client application that uses that RESTful API. The Node Cellar application allows you to manage (retrieve, create, update, delete) the wines in a wine cellar database. The client application is built with Backbone.js and Twitter Bootstrap. Run the Application You can run the application here.

Cookies With My CORS - Quick Left Since early implementations of the CORS (Cross-Origin Resource Sharing) specification, developers have been eager to drop the JSONP hack in favor of a proper cross-domain request. CORS means that XHRs are sent with the ORIGIN header, and expect the server to include that ORIGIN (or *) in the Access-Control-Allow-Origin response header. For requests other than GET and some POST, this is done as a "preflight". The browser/server allow matched requests and the server responds with the cross-domain goodness. Omnom Cookies But what about HTTP Auth and Cookies?

Using Bootstrap Typeahead To Filter A WebGrid In this post I am going to combine a couple of previous posts to allow us to filter a WebGrid using Bootstrap's Typeahead. The Typeahead will work via an AJAX call to get search results. We are going to allow the user to select a number of different columns to filter on. We’ll also need to reset the filter and ensure that the filter isn’t lost when sorting or paging.

On Graph Computing The concept of a graph has been around since the dawn of mechanical computing and for many decades prior in the domain of pure mathematics. Due in large part to this golden age of databases, graphs are becoming increasingly popular in software engineering. Graph databases provide a way to persist and process graph data. However, the graph database is not the only way in which graphs can be stored and analyzed. Graph computing has a history prior to the use of graph databases and has a future that is not necessarily entangled with typical database concerns. There are numerous graph technologies that each have their respective benefits and drawbacks.

XHTML and CSS video lectures, Bucky Roberts of Other Lecture Details: For all of my tutorials, go to Course Description: Contents: Downloading a Text Editor - Creating our First Webpage - body and headers - Paragraphs and Line Breaks - Bold, Italics, and Comments - Adding Links to our Webpage - Creating a Link Within a Web Page - Email Links and Tool Tips - Adding Images to the Webpage - Resizing Images - Tables - Table Headers and Movie Stars! - colspan & Annoying People - Table width, cellpadding, and cellspacing - Lists - Intro to CSS