Pedro Belo edited this page Jul 10, 2015 · 8 revisions

Cross-origin resource sharing allows you to expose APIs to web applications running in other domains.

By default, web apps only have access to resources in their own domain, and for good reason: we don't want a web page on evil.com to be able to make an AJAX POST to https://gmail.com/messages/send carrying the cookies you have for your Gmail account.

Since Pliny doesn't rely on cookies, it exposes all endpoints to other websites via CORS. This means web pages running in a browser can call your APIs just like any other client – as long as they provide the same credentials you require elsewhere, of course.
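To make the reasoning concrete, here is an added sketch (not Pliny's own middleware) of a Rack-style CORS layer that is open to every origin, wrapped around an API that accepts only an explicit `Authorization` header. The names `OpenCors`, `API`, `APP`, `request` and the token value are assumptions made for this example.

```ruby
# Added illustration, not Pliny's code: CORS open to every origin, with no
# opt-in to browser-held credentials.
class OpenCors
  HEADERS = {
    "Access-Control-Allow-Origin"  => "*",
    "Access-Control-Allow-Methods" => "GET, POST, PUT, PATCH, DELETE, OPTIONS",
    "Access-Control-Allow-Headers" => "Authorization, Content-Type",
    # Deliberately no Access-Control-Allow-Credentials. With "*" as the origin,
    # browsers refuse to expose responses to requests sent with cookies.
  }.freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    # Preflight: answer directly, the API itself is never reached.
    if env["REQUEST_METHOD"] == "OPTIONS" && env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
      return [200, HEADERS.dup, []]
    end
    status, headers, body = @app.call(env)
    [status, headers.merge(HEADERS), body]
  end
end

# Hypothetical API: the only accepted credential is an explicit header.
# HTTP_COOKIE is never read, so a cookie the browser attaches grants nothing.
VALID_TOKEN = "constructed-sample-token"
API = lambda do |env|
  if env["HTTP_AUTHORIZATION"] == "Bearer #{VALID_TOKEN}"
    [200, { "Content-Type" => "application/json" }, ['{"ok":true}']]
  else
    [401, { "Content-Type" => "application/json" }, ['{"error":"unauthorized"}']]
  end
end

APP = OpenCors.new(API)

# Builds a minimal Rack env (constructed sample input) and runs it through APP.
def request(method, headers = {})
  APP.call({ "REQUEST_METHOD" => method, "PATH_INFO" => "/messages" }.merge(headers))
end
```

A cross-origin page that only has the visitor's cookies gets a 401; a caller that supplies the token gets a 200, whatever origin it runs on.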

Further reading: