CORS enables micro services on AWS
AWS User Group Singapore (Mar 2016)
Kai Hendry
en.wikipedia.org/wiki/Cross-origin_resource_sharing
curl \
  --verbose \
  --request OPTIONS \
  http://s.natalian.org/2016-03-20/rtest2.json \
  --header 'Origin: http://bad.example.com' \
  --header 'Access-Control-Request-Headers: Origin, Accept, Content-Type' \
  --header 'Access-Control-Request-Method: GET'
s.natalian.org/2016-03-23/accepted.txt
s.natalian.org/2016-03-23/denied.txt
diff --git a/nay.txt b/yay.txt index 3bbcd43..76aba5d 100644 --- a/nay.txt +++ b/yay.txt @@ -3,7 +3,7 @@ <AllowedOrigin>*</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> <MaxAgeSeconds>3000</MaxAgeSeconds> <AllowedHeader>Authorization</AllowedHeader><AllowedHeader>*</AllowedHeader> </CORSRule> </CORSConfiguration>
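Review bot: `<AllowedHeader>*</AllowedHeader>` ends up in the same CORSRule as `<AllowedOrigin>*</AllowedOrigin>`, so any origin may name any request header in its preflight. The preflight shown with curl asks only for Origin, Accept and Content-Type, so listing those three as separate AllowedHeader elements would get it accepted without the wildcard. If this rule fronts an API rather than public static files, AllowedOrigin should also name the site's own origin instead of `*`.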
For APIs, maybe we want to control access a little?
We need to listen to our customers! From our statically generated site!
dabase.com/blog/Openwrt_rescue/
AJAX with CORS enables us to communicate with:
aws ec2 run-instances --image-id ami-94aa68f7 --count 1 --instance-type t1.micro --key-name hendry --security-groups default
CORS is like an IP whitelist that enables the INTERNET OF THINGS
It's not really a security feature. It allows browsers to relax the same-origin policy, and
it allows Web services to bless certain domains to use their services FROM THE BROWSER.
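How a service "blesses" a preflight can be modelled in a few lines. The following is an added example, not code from the talk or from AWS: a simplified evaluator for S3-style CORSRule matching, run against the curl preflight shown earlier. It assumes the nay/yay diff swaps `Authorization` for `*` in AllowedHeader; `cors_config`, `preflight`, the STRICT variant and `https://site.example` are hypothetical.

```python
import re
import xml.etree.ElementTree as ET


def cors_config(origin, headers):
    """Build a one-rule CORSConfiguration shaped like the one in the diff."""
    allowed = "".join(f"<AllowedHeader>{h}</AllowedHeader>" for h in headers)
    return (f"<CORSConfiguration><CORSRule><AllowedOrigin>{origin}</AllowedOrigin>"
            "<AllowedMethod>GET</AllowedMethod><MaxAgeSeconds>3000</MaxAgeSeconds>"
            f"{allowed}</CORSRule></CORSConfiguration>")


# Constructed configurations: NAY and YAY follow the two sides of the diff,
# STRICT is a hypothetical tightened variant for an API.
NAY = cors_config("*", ["Authorization"])
YAY = cors_config("*", ["*"])
STRICT = cors_config("https://site.example", ["Origin", "Accept", "Content-Type"])


def _matches(value, patterns, ignore_case=False):
    """True if value equals a pattern, with '*' as the only wildcard."""
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.fullmatch(re.escape(p).replace(r"\*", ".*"), value, flags)
               for p in patterns)


def preflight(config_xml, origin, method, request_headers=""):
    """Return (allowed, reason) for an OPTIONS preflight against the rules."""
    wanted = [h.strip() for h in request_headers.split(",") if h.strip()]
    reason = "no CORSRule present"
    # Assumes un-namespaced XML; an xmlns attribute would need qualified tags.
    for rule in ET.fromstring(config_xml).iter("CORSRule"):
        def values(tag):
            return [e.text.strip() for e in rule.findall(tag)]
        if not _matches(origin, values("AllowedOrigin")):
            reason = f"origin not allowed: {origin}"
        elif method not in values("AllowedMethod"):
            reason = f"method not allowed: {method}"
        else:
            refused = [h for h in wanted
                       if not _matches(h, values("AllowedHeader"), True)]
            if not refused:
                return True, "allowed"
            reason = "headers not allowed: " + ", ".join(refused)
    return False, reason


if __name__ == "__main__":
    # Same Origin, method and headers as the curl preflight on the page.
    for name, cfg in (("nay", NAY), ("yay", YAY), ("strict", STRICT)):
        print(name, preflight(cfg, "http://bad.example.com", "GET",
                              "Origin, Accept, Content-Type"))
```

The STRICT case is refused on origin alone, which is the "control access a little" option: the browser blocks the cross-origin read, while non-browser clients such as curl are unaffected.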