Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
RESTful Web API Design with Node.js 10, Third Edition

You're reading from   RESTful Web API Design with Node.js 10, Third Edition Learn to create robust RESTful web services with Node.js, MongoDB, and Express.js

Arrow left icon
Product type Paperback
Published in Apr 2018
Publisher Packt
ISBN-13 9781788623322
Length 178 pages
Edition 3rd Edition
Languages
Concepts
Arrow right icon
Author (1):
Arrow left icon
Valentin Bojinov Valentin Bojinov
Author Profile Icon Valentin Bojinov
Valentin Bojinov
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. REST – What You Did Not Know FREE CHAPTER 2. Getting Started with Node.js 3. Building a Typical Web API 4. Using NoSQL Databases 5. Restful API Design Guidelines 6. Implementing a Full Fledged RESTful Service 7. Preparing a RESTful API for Production 8. Consuming a RESTful API 9. Securing the Application 10. Other Books You May Enjoy

Cross Origin Resource Sharing


Cross-site HTTP requests are requests that refer to resources to be loaded from a domain different from the one that initially requested them. In our case, we started the client from our filesystem, and it requested resources from a network address. This is considered a potential Cross-site scripting request, which, according to the W3C recommendation at http://w3.org/cors/TR/cors, should be carefully handled. This means that if an external resource is requested, the domain where it is requested from—its Origin—should be explicitly specified in a header, as long as an external resource loading is not allowed in general. This mechanism prevents Cross-Side Scripting (XSS) attacks, and it is based on HTTP headers.

The following HTTP request headers specify how external resources should be handled on the client side:

  • Origin defines where the request originated from
  • Access-Control-Request-Method defines the HTTP method that was used to request the resource
  • Access-Control...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime