{"id":25685,"date":"2024-06-05T09:47:11","date_gmt":"2024-06-05T09:47:11","guid":{"rendered":"https:\/\/www.danielgorecki.pl\/?page_id=25685"},"modified":"2024-06-05T10:03:01","modified_gmt":"2024-06-05T10:03:01","slug":"o-mnie","status":"publish","type":"page","link":"https:\/\/www.danielgorecki.pl\/index.php\/o-mnie\/","title":{"rendered":"CORS"},"content":{"rendered":"\n<div class=\"wp-block-cover alignfull is-light\" style=\"min-height:600px;aspect-ratio:unset;\"><span aria-hidden=\"true\" class=\"wp-block-cover__background has-ast-global-color-3-background-color has-background-dim-80 has-background-dim\"><\/span><img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"1080\" class=\"wp-block-cover__image-background wp-image-25005\" alt=\"\" src=\"https:\/\/www.danielgorecki.pl\/wp-content\/uploads\/2018\/12\/about-me-header-free-img-1.jpg\" data-object-fit=\"cover\" srcset=\"https:\/\/www.danielgorecki.pl\/wp-content\/uploads\/2018\/12\/about-me-header-free-img-1.jpg 1920w, https:\/\/www.danielgorecki.pl\/wp-content\/uploads\/2018\/12\/about-me-header-free-img-1-300x169.jpg 300w, https:\/\/www.danielgorecki.pl\/wp-content\/uploads\/2018\/12\/about-me-header-free-img-1-1024x576.jpg 1024w, https:\/\/www.danielgorecki.pl\/wp-content\/uploads\/2018\/12\/about-me-header-free-img-1-768x432.jpg 768w, https:\/\/www.danielgorecki.pl\/wp-content\/uploads\/2018\/12\/about-me-header-free-img-1-1536x864.jpg 1536w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\">\n<h1 class=\"wp-block-heading has-text-align-center\">Personal notebook<\/h1>\n\n\n\n<p class=\"has-text-align-center\">Here are loose notes on e-Commerce and dev knowledge. 
Read on and draw on the knowledge.<\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-group alignfull has-ast-global-color-5-background-color has-background is-layout-flow wp-block-group-is-layout-flow\"><div class=\"wp-block-group__inner-container\"><\/div><\/div>\n\n\n\n<div class=\"wp-block-group alignfull has-ast-global-color-5-background-color has-background is-layout-flow wp-block-group-is-layout-flow\"><div class=\"wp-block-group__inner-container\">\n<p>CORS, or Cross-Origin Resource Sharing, is a web browser security mechanism that permits or restricts how resources on a web page can be requested from a domain other than the one the page itself comes from. It is part of a broader security policy known as the Same-Origin Policy, which aims to prevent various attacks, such as cross-site scripting (XSS) and others.<\/p>\n\n\n\n<p>Why is CORS important?<br>Security: CORS lets server administrators control who can access their resources. Without this mechanism, malicious scripts could request data from different origins without restriction, potentially leading to data leaks.<\/p>\n\n\n\n<p>Access control: With CORS, servers can specify which domains have access to their resources. 
For example, an API service can allow only selected domains to request its data and block the others.<\/p>\n\n\n\n<p>How does CORS work?<br>When a browser makes a request for a resource on another domain (a cross-origin request), it adds an Origin header to the HTTP request, indicating the domain the request comes from. The target server can then decide whether to respond to the request, based on its own CORS policy. If the server decides to respond, it includes CORS headers in the response that specify which domains may receive the response, which HTTP methods are allowed, whether cookies may be sent with the request, and more.<\/p>\n\n\n\n<p>Example CORS headers:<br>Access-Control-Allow-Origin: Specifies which domains may access the resources.<br>Access-Control-Allow-Methods: Lists the HTTP methods that may be used when requesting resources.<br>Access-Control-Allow-Headers: Lists the headers that may be used in the request.<br>Access-Control-Allow-Credentials: Specifies whether requests with credentials (e.g. cookies, authorization data) are allowed.<br>Challenges with CORS:<br>During web application development, developers often run into CORS errors when they try to request resources from a different server, domain or port. 
In such cases, appropriate configuration on the server that hosts the resources is necessary to allow or restrict access as required.<\/p>\n<\/div><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CORS, or Cross-Origin Resource Sharing, is a web browser security mechanism that permits or restricts how resources on a web page can be requested from a domain other than the one the page itself comes from. It is part of a broader security policy known as the Same-Origin Policy, which aims to prevent &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.danielgorecki.pl\/index.php\/o-mnie\/\"> <span class=\"screen-reader-text\">CORS<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"no-sidebar","site-content-layout":"plain-container","ast-site-content-layout":"normal-width-container","site-content-style":"unboxed","site-sidebar-style":"unboxed","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"enabled","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","head
er-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"acf":[],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"admin","author_link":"https:\/\/www.danielgorecki.pl\/index.php\/author\/admin\/"},"uagb_comment_info":0,"uagb_excerpt":"CORS, or Cross-Origin Resource Sharing, is a web browser security mechanism that permits or restricts how resources on a web page can be requested from a domain other than the one the page itself comes from. It is part of a broader security policy known as the Same-Origin Policy, which aims to prevent&hellip;","_links":{"self":[{"href":"https:\/\/www.danielgorecki.pl\/index.php\/wp-json\/wp\/v2\/pages\/25685"}],"collection":[{"href":"https:\/\/www.danielgorecki.pl\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.danielgorecki.pl\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.danielgorecki.pl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.danielgorecki.pl\/index.php\/wp-json\/wp\/v2\/comments?post=25685"}],"version-history":[{"count":9,"href":"https:\/\/www.danielgorecki.pl\/index.php\/wp-json\/wp\/v2\/pages\/25685\/revisions"}],"predecessor-version":[{"id":25707,"href":"https:\/\/www.danielgorecki.pl\/index.php\/wp-json\/wp\/v2\/pages\/25685\/revisions\/25707"}],"wp:attachment":[{"href":"https:\/\/www.danielgorecki.pl\/index.php\/wp-json\/wp\/v2\/media?parent=25685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}