CORS. Konstantin Yakushev, MoscowJS 14
1 CORS Konstantin Yakushev, MoscowJS 14
2
3
4
5
6
7
function Fetch() {
    var Url = "…";
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = ProcessResponse;
    xhr.open("get", Url);
    xhr.send(null);
}
8
function Fetch() {
    var Url = "…";
    $.get(Url, ProcessResponse);
}
9
10
11
12 nginx
13 nginx local nginx
14
15
16-20 XHR: m.ya.ru, browser, api.ya.ru (without CORS); diagram built up over five slides:
    m.ya.ru -> browser: GET /data
    browser -> api.ya.ru: GET /data, Origin:
    api.ya.ru -> browser: <Content>
    browser -> m.ya.ru: ERROR
21 header("access-control-allow-origin: *");
22
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin:
Access-Control-Allow-Origin: null
Access-Control-Allow-Origin: ya.ru,
Access-Control-Allow-Origin:
23-27 XHR: m.ya.ru, browser, api.ya.ru (with CORS); diagram built up over five slides:
    m.ya.ru -> browser: GET /data
    browser -> api.ya.ru: GET /data, Origin:
    api.ya.ru -> browser: Access-Control-Allow-Origin: *, <Content>
    browser -> m.ya.ru: <Content>
28-32 XHR: m.ya.ru, browser, api.ya.ru (without CORS); diagram built up over five slides:
    m.ya.ru -> browser: POST /new
    browser -> api.ya.ru: OPTIONS /new, Origin:, Access-Control-Request-Method: POST
    api.ya.ru -> browser: o_o
    browser -> m.ya.ru: <ERROR>
33
Access-Control-Allow-Methods: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Methods: DELETE
Access-Control-Allow-Methods: POST, PUT
Access-Control-Allow-Methods: P*
34
header("access-control-allow-origin: *");
if (request_is_options()) {
    header("access-control-allow-methods: POST");
}
35-41 XHR: m.ya.ru, browser, api.ya.ru (with CORS); diagram built up over seven slides:
    m.ya.ru -> browser: POST /new
    browser -> api.ya.ru: OPTIONS /new, Origin:, Access-Control-Request-Method: POST
    api.ya.ru -> browser: Access-Control-Allow-Methods: POST
    browser -> api.ya.ru: POST /new
    api.ya.ru -> browser: <POST result>
    browser -> m.ya.ru: <POST result>
42
Access-Control-Allow-Headers: *
Access-Control-Allow-Headers: x-header
Access-Control-Allow-Headers: x-smpl
Access-Control-Allow-Headers: x-he, x-smpl
Access-Control-Allow-Headers: x-*
43
Access-Control-Expose-Headers: *
Access-Control-Expose-Headers: x-header
Access-Control-Expose-Headers: x-smpl
Access-Control-Expose-Headers: x-he, x-smpl
Access-Control-Expose-Headers: x-*
44
function Add() {
    var Url = "…";
    $.ajax({
        url: Url,
        data: { name: 'foo' },
        type: 'POST',
        xhrFields: { withCredentials: true }
    });
}
45 header("access-control-allow-credentials: true");
46-47
header("access-control-allow-origin: *");
header("access-control-allow-credentials: true");
if (request_is_options()) {
    header("access-control-allow-methods: POST");
}
48
header("access-control-allow-origin: …");
header("access-control-allow-credentials: true");
if (request_is_options()) {
    header("access-control-allow-methods: POST");
}
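Slides 46 to 48 replace the `*` origin with a specific one once credentials are involved: browsers refuse to expose a credentialed response whose `Access-Control-Allow-Origin` is `*`. The sketch below is an added example, not code from the talk. It pairs a server-side header builder that echoes only allowlisted origins with a simplified version of the browser's CORS check (the preflight method and header checks are not modelled). The origins and the names `ALLOWED_ORIGINS`, `corsHeaders`, `browserExposesResponse` and `demo` are constructed for illustration.

```javascript
// Added example (not from the talk). Origins, names and policy values are constructed.
const ALLOWED_ORIGINS = new Set(["https://m.example.test"]);

// Server side: the slides' header() calls, with the Origin request header
// checked against an allowlist instead of answering "*" to every caller.
function corsHeaders(method, requestOrigin) {
  const headers = {};
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return headers; // unknown origin: send no CORS headers, the browser blocks the read
  }
  headers["access-control-allow-origin"] = requestOrigin; // echo the exact origin
  headers["access-control-allow-credentials"] = "true";
  headers["vary"] = "Origin"; // caches must not reuse this reply for another origin
  if (method === "OPTIONS") {
    headers["access-control-allow-methods"] = "POST"; // preflight answer, as on slide 34
  }
  return headers;
}

// Browser side: simplified CORS check, following the order of the Fetch standard.
// Returns true when the page's script is allowed to read the response.
function browserExposesResponse(requestOrigin, withCredentials, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;            // no CORS header at all
  if (!withCredentials && allowOrigin === "*") return true; // wildcard: anonymous requests only
  if (allowOrigin !== requestOrigin) return false;        // must match the origin exactly
  if (!withCredentials) return true;
  return headers["access-control-allow-credentials"] === "true";
}

// Response headers as produced by the code on slides 46-47.
const SLIDE_46 = {
  "access-control-allow-origin": "*",
  "access-control-allow-credentials": "true",
};

function demo() {
  const page = "https://m.example.test";      // allowlisted page origin (constructed)
  const other = "https://other.example.test"; // origin that is not allowlisted (constructed)
  return {
    wildcardWithCookies: browserExposesResponse(page, true, SLIDE_46),
    wildcardAnonymous: browserExposesResponse(page, false, SLIDE_46),
    allowlistedWithCookies: browserExposesResponse(page, true, corsHeaders("POST", page)),
    otherOriginWithCookies: browserExposesResponse(other, true, corsHeaders("POST", other)),
    preflightMethods: corsHeaders("OPTIONS", page)["access-control-allow-methods"],
  };
}

console.log(demo());
```

Echoing the `Origin` header back without the allowlist lookup would make every origin pass the credentialed check, which is why the lookup comes first.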
49
50 8+ 10+
51 Konstantin Yakushev, MoscowJS 14
52 Bonus track! XSRF and JSONP
53
<html><head>
    <script src="…"></script>
    <link rel="stylesheet" href="…">
</head>
<body>
    <img src="…">
    <form action="…" method="get">
        <input type="text" name="test">
        <input type="submit">
    </form>
</body></html>
54
55
<script type="text/javascript">
    function parsequote(response) { alert(response); }
</script>
<script type="text/javascript" src="…hod=getquote&format=jsonp&jsonp=parsequote"></script>

Response:
parsequote({"quotetext":"text", "quoteauthor":"author"})
56 Konstantin Yakushev, MoscowJS 14