Pedro Belo edited this page Aug 6, 2015 · 8 revisions

Cross-origin resource sharing allows you to expose APIs to web applications running in other domains.

By default, web apps can only access resources in their own domain, and for good reason: we don't want a web page on evil.com to make AJAX requests to https://mail.google.com/mail carrying the cookies you have for your Gmail account.

But this is only a problem for apps that rely on cookies for authentication. Since Pliny doesn't, it exposes all its endpoints to web pages on any domain, so they can consume your API just like any other client.
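
An added example (not Pliny's own middleware) of the policy described above: a Rack-style layer that answers every origin but never sets `Access-Control-Allow-Credentials`, in front of an API that authenticates only from the `Authorization` header. The `OpenCors` class, the `request` helper and the token are constructed for illustration, and no Rack gem is required.

```ruby
require "json"

# Constructed token store for the demo; a real API would verify tokens properly.
VALID_TOKENS = { "s3cr3t-demo-token" => "alice" }.freeze

# Open to any origin. Access-Control-Allow-Credentials is deliberately absent,
# so browsers will not expose responses to cross-origin requests sent with cookies.
CORS_HEADERS = {
  "Access-Control-Allow-Origin"  => "*",
  "Access-Control-Allow-Methods" => "GET, POST, PUT, PATCH, DELETE, OPTIONS",
  "Access-Control-Allow-Headers" => "Authorization, Content-Type"
}.freeze

class OpenCors
  def initialize(app)
    @app = app
  end

  def call(env)
    # Preflight: answer directly, without touching the application.
    if env["REQUEST_METHOD"] == "OPTIONS" && env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
      return [204, CORS_HEADERS.dup, []]
    end
    status, headers, body = @app.call(env)
    [status, headers.merge(CORS_HEADERS), body]
  end
end

# The API reads only the Authorization header. HTTP_COOKIE is never consulted,
# so a cookie a browser attaches automatically carries no authority here.
API = lambda do |env|
  token = env["HTTP_AUTHORIZATION"].to_s[/\ABearer (.+)\z/, 1]
  user  = VALID_TOKENS[token]
  if user
    [200, { "Content-Type" => "application/json" }, [JSON.generate(user: user)]]
  else
    [401, { "Content-Type" => "application/json" }, [JSON.generate(error: "unauthorized")]]
  end
end

APP = OpenCors.new(API)

# Helper that builds a minimal Rack env and returns [status, headers, body].
def request(method, headers = {})
  APP.call({ "REQUEST_METHOD" => method, "PATH_INFO" => "/" }.merge(headers))
end
```

If an API behind such a layer ever starts accepting session cookies, the wildcard origin policy has to be replaced with an explicit allowlist.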

Further reading: