[B! CORS] kikiki-kikiã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

kikiki-kiki id:kikiki-kiki

CORSã«é–¢ã™ã‚‹kikiki-kikiã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (6)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

express.jsã®corså¯¾å¿œ - Qiita
ã¯ã˜ã‚ã« APIã‚µãƒ¼ãƒ“ã‚¹ã‚’æ§‹ç¯‰ã™ã‚‹éš›ã«ã€Postmanãªã©ã®ãƒ„ãƒ¼ãƒ«ã§ã¯æ£å¸¸ã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã™ãŒã€ ãƒ–ãƒ©ã‚¦ã‚¶ã‹ã‚‰ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ã€ã‚¨ãƒ©ãƒ¼ã«ãªã‚‹å ´åˆãŒã‚ã‚Šã¾ã™ã€‚ ãã‚Œã¯CORS(Cross-Origin Resource Sharing)å¯¾å¿œã‚’ã—ã¦ã„ãªã„å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚ ãªãœãªã‚‰ã€ã‚µã‚¤ãƒˆã®ãƒ‰ãƒ¡ã‚¤ãƒ³ã¨APIã‚µãƒ¼ãƒ“ã‚¹ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ãŒé•ã†å ´åˆã¯ å…ˆã«optionsãƒ¡ã‚½ãƒƒãƒ‰ã§å•ã„åˆã‚ã›ã‚’ã—ã¾ã™ã€‚è¨±å¯ã™ã‚‹å ´åˆã®ã¿å®Ÿéš›ã®APIã‚’é€šä¿¡ã—ã¾ã™ã€‚ â€»åŒã˜ãƒ‰ãƒ¡ã‚¤ãƒ³ã®å ´åˆã¯CORSã®å¯¾å¿œã¯è¦ã‚‰ãªã„ã§ã™ã€‚ const app = express() const allowCrossDomain = function(req, res, next) { res.header('Access-Control-Allow-Origin', '*') res.header('Access-Control-Allow-Method
kikiki-kiki 2020/07/03
CORS

express

javascript
ãƒªãƒ³ã‚¯
çŸ¥ã£ã¦ã„ã‚‹ã¨æ—ã‚‹create-react-appã®è¨å®š - Qiita
ã¯ã˜ã‚ã« NTTãƒ†ã‚¯ãƒŽã‚¯ãƒã‚¹ Advent Calendar 2018ã®8æ—¥ç›®æ‹…å½“ @geek_duck ã§ã™ðŸ¦† æœ€è¿‘ã¯React.jsã§ãƒ•ãƒãƒ³ãƒˆå´ã€SpringBoot/Grailsã§APIå´ã‚’ä½œã‚‹ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«é–¢ã‚ã£ã¦ã„ã¾ã™ã€‚ ãã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ä¸ã§èª¿ã¹ãŸã€çŸ¥ã£ã¦ã„ã‚‹ã¨æ—ã‚‹create-react-appã®è¨å®šã‚’ç´¹ä»‹ã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚ ã“ã®æŠ•ç¨¿ã§ä½¿ç”¨ã—ã¦ã„ã‚‹è¨€èªžã€ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ Node.js v10.14.1 npm v6.4.1 create-react-app v2.1.1 react.js v16.6.3 create-react-appåŸºæœ¬ã®ä½¿ã„æ–¹ æœ€åˆã«create-react-appã®åŸºæœ¬çš„ãªä½¿ã„æ–¹ã‚’ã‚µãƒƒã¨ç´¹ä»‹ã—ã¾ã™ã€‚ create-react-appã¯ã€React.jsã®ã‚¢ãƒ—ãƒªã®ã²ãªå½¢ã‚’ä½œæˆã—ã¦ãã‚Œã‚‹ãƒ„ãƒ¼ãƒ«ã§ã™ã€‚ ä»¥ä¸‹ã®npxã‚³ãƒžãƒ³ãƒ‰çµŒç”±ã§create-rea
kikiki-kiki 2020/07/03
CORS

react

javascript
ãƒªãƒ³ã‚¯
ãªã‚“ã¨ãªã CORS ãŒã‚ã‹ã‚‹...ã¯ã‚‚ã†çµ‚ã‚ã‚Šã«ã™ã‚‹ã€‚ - Qiita
Access to XMLHttpRequest at 'http://localhost:8081' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is ther
kikiki-kiki 2020/07/03
CORS

express

javascript
ãƒªãƒ³ã‚¯
CORSã¾ã¨ã‚ - Qiita
ä»Šæ›´ã§ã™ãŒã€**CORS (Cross-Origin Resource Sharing)**ã‚’è‰²ã€…è©¦ã—ã¦ã„ãŸã‚‰ã€æ€ã£ã¦ã„ãŸä»¥ä¸Šã«è‰²ã€…ãƒ‘ã‚¿ãƒ¼ãƒ³ãŒã‚ã‚‹ã“ã¨ã«æ°—ã¥ã„ãŸã®ã§ã€æ”¹ã‚ã¦ãã®æ‰±ã„æ–¹ã«ã¤ã„ã¦ã¾ã¨ã‚ã¦ã¿ã¾ã—ãŸã€‚ ãã‚‚ãã‚‚ ç¾åœ¨ã®Webãƒ–ãƒ©ã‚¦ã‚¶ã§ã¯ã€ã‚ã‚‹Webã‚µã‚¤ãƒˆãŒæŒã¤æƒ…å ±ãŒåˆ¥ã®æ‚ªæ„ã‚ã‚‹Webã‚µã‚¤ãƒˆã«æ‚ªç”¨ã•ã‚Œã‚‹ã®ã‚’é˜²ããŸã‚ã«ã€Same-Origin Policy(æ—¥æœ¬èªžã§ã¯åŒä¸€ç”Ÿæˆå…ƒãƒãƒªã‚·ãƒ¼)ãŒé©ç”¨ã•ã‚Œã¾ã™ã€‚ ä¾‹ãˆã°ã€ã‚ã‚‹Webã‚µã‚¤ãƒˆ https://guiltysite.com ã‚’ãƒ–ãƒ©ã‚¦ã‚¶ã§è¡¨ç¤ºã—ã¦ã„ã‚‹æ™‚ã«ã€ã“ã®Webãƒšãƒ¼ã‚¸ã‹ã‚‰XMLHttpRequest(ä»¥ä¸‹ã€XHR)ã‚„Fetch APIã§åˆ¥ã®Webã‚µã‚¤ãƒˆ https://innocentsite.net ã‹ã‚‰HTTP(S)ã§ãƒ‡ãƒ¼ã‚¿ã‚’èªã¿è¾¼ã‚‚ã†ã¨ã™ã‚‹ã¨ã€ã‚¨ãƒ©ãƒ¼ã«ãªã‚‹ã€ã¨ã„ã†ã‚ã‘ã§ã™ã€‚ ã—ã‹ã—ã€ã‚¢ã‚¯ã‚»ã‚¹å…ƒãŒæ‚ªæ„ã‚ã‚‹Webã‚µã‚¤ãƒˆãªã‚‰ã¨ã‚‚ã‹ã
kikiki-kiki 2019/01/07
javascript

Ajax

CORS
ãƒªãƒ³ã‚¯
CORSãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«(â‰’ã‚¯ãƒƒã‚ãƒ¼)ã‚’å¿…è¦ã¨ã™ã‚‹å ´åˆã®æ³¨æ„ç‚¹ - Qiita
ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ã®é€ä¿¡ ã‚¯ãƒã‚¹ã‚ªãƒªã‚¸ãƒ³ã®AJAXãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ï¼ˆã‚¯ãƒƒã‚ãƒ¼ã®é€ä¿¡ã¾ãŸã¯BASICèªè¨¼ï¼‰ã‚’å¿…è¦ã¨ã™ã‚‹å ´åˆã¯ã€ãã‚Œã‚’è¨±å¯ã™ã‚‹ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’ãƒ•ãƒãƒ³ãƒˆå´Javascriptã§ä»˜ã‘ã¦ãŠãå¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ã¯CORSãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ã‚¯ãƒƒã‚ãƒ¼ã¯é€ä¿¡ã•ã‚Œã¾ã›ã‚“ã—ã€BASICèªè¨¼ã¯é€ã‚Œã¾ã›ã‚“ã€‚ Fetch API ã®å ´åˆ fetch(url, { mode: 'cors', //ã‚¯ãƒã‚¹ã‚ªãƒªã‚¸ãƒ³ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’ã™ã‚‹ã®ã§CORSãƒ¢ãƒ¼ãƒ‰ã«ã™ã‚‹ credentials: 'include' //ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ã‚’å«ã‚ã‚‹æŒ‡å®š })
kikiki-kiki 2019/01/07
javascript

Ajax

credential

CORS
ãƒªãƒ³ã‚¯
SPAã‚µã‚¤ãƒˆã®CSRFå¯¾ç– - è¦ªãƒã‚«ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã®ãƒŠãƒ¬ãƒƒã‚¸å¸³
CSRFå¯¾ç–ã«ã¤ã„ã¦ CSRFã¨ã¯ï¼Ÿ CSRFã«ã‚ˆã‚‹è¢«å®³ é€šå¸¸ã®CSRFå¯¾ç– SPAã‚µã‚¤ãƒˆã®CSRFå¯¾ç– æ–¹æ³•1 ãƒªãƒ•ã‚¡ãƒ©ã§åˆ¤æ– æ–¹æ³•2 ãƒã‚°ã‚¤ãƒ³æ™‚ã«ç™ºè¡Œã—ãŸãƒˆãƒ¼ã‚¯ãƒ³ã‚’ç…§åˆ æ–¹æ³•3 CORSã¨çµ„ã¿åˆã‚ã›ã¦Originã‚’ãƒã‚§ãƒƒã‚¯ CSRFå¯¾ç–ã«ã¤ã„ã¦ CSRFã¨ã¯ï¼Ÿ ã“ã®ãƒšãƒ¼ã‚¸ã«æ¥ã‚‰ã‚ŒãŸæ–¹ãªã‚‰ã‚‚ã†ç†è§£ã—ã¦ã„ã‚‹æ–¹ã‚‚å¤šã„ã¨ã¯æ€ã„ã¾ã™ãŒã€CSRFã«ã¤ã„ã¦ç°¡å˜ã«èª¬æ˜Žã—ã¾ã™ã€‚ CSRFã¯ãƒªã‚¯ã‚¨ã‚¹ãƒˆå¼·è¦(CSRFï¼šCross-site Request Forgery)ã¨ã„ã†æ„å‘³ã§ã€ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆ(Cross-site)ã®åã®é€šã‚Šã€æ£è¦ã®ã‚µã‚¤ãƒˆã¨ã¯åˆ¥ã®ã‚µã‚¤ãƒˆã‹ã‚‰ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’é€ã‚‰ã›ã‚‹å½é€ å·¥ä½œã§ã™ã€‚ Webã§ã‚µãƒ¼ãƒã‚µã‚¤ãƒ‰ã®é–‹ç™ºã‚’ã—ã¦ã„ã‚‹æ–¹ãªã‚‰ã”å˜çŸ¥ã ã¨ã¯æ€ã„ã¾ã™ãŒã€ä¾‹ãˆã°ãƒ•ã‚©ãƒ¼ãƒ ã®POSTå‡¦ç†ã¯å¿…è¦ãªé …ç›®ã‚„URLã•ãˆã‚ã‹ã£ã¦ã„ã‚Œã°ã©ã“ã‹ã‚‰ã§ã‚‚ãƒªã‚¯ã‚¨ã‚¹ãƒˆã™ã‚‹ã“ã¨ã¯å¯èƒ½ã§ã™ã‚ˆãã€‚(ãƒªã‚¯ã‚¨ã‚¹ãƒˆå…ˆãŒå—ã‘ä»˜ã‘ã¦ãã‚Œã‚‹ã‹ã¯
kikiki-kiki 2018/08/28
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

SPA

CORS
ãƒªãƒ³ã‚¯
1