Pedro Belo edited this page Jul 9, 2015 · 8 revisions

Cross-origin resource sharing allows you to expose APIs to web applications running in other domains.

By default, web apps only have access to resources in their own domain, and for good reason: we don't want evil.com to be able to make a POST request to https://gmail.com/messages/send, at least not if that request carries your Gmail cookies.

Since Pliny doesn't rely on cookies, it exposes all endpoints to other websites via CORS. This means web pages running in a browser can call your APIs just like any other client – as long as they provide the same credentials you require elsewhere, of course.
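
The following sketch is an added example, not Pliny's own code: a Rack-style middleware that opens every endpoint to any origin while the API behind it authenticates only from the `Authorization` header. `OpenCORS`, `TokenAPI`, the token value and the sample origin are hypothetical names constructed for the illustration; the `Access-Control-*` header names are the standard CORS ones.

```ruby
# Added illustration, not Pliny's code. All class names and values here are
# constructed for the example.
class OpenCORS
  ALLOW = {
    "Access-Control-Allow-Origin"  => "*",
    "Access-Control-Allow-Methods" => "GET, POST, PUT, PATCH, DELETE, OPTIONS",
    "Access-Control-Allow-Headers" => "Authorization, Content-Type",
    # Deliberately no Access-Control-Allow-Credentials: with it absent (and
    # origin "*"), browsers will not hand a page the response to a
    # cookie-bearing request.
  }.freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    # Requests without an Origin header are not cross-origin browser calls.
    return @app.call(env) unless env["HTTP_ORIGIN"]
    # Preflight: answer directly, without reaching the API.
    if env["REQUEST_METHOD"] == "OPTIONS" && env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]
      return [200, ALLOW.dup, []]
    end
    status, headers, body = @app.call(env)
    [status, headers.merge(ALLOW), body]
  end
end

# Inner API: authenticates from the Authorization header only; cookies are ignored.
class TokenAPI
  TOKEN = "constructed-sample-token"

  def call(env)
    if env["HTTP_AUTHORIZATION"] == "Bearer #{TOKEN}"
      [200, { "Content-Type" => "application/json" }, ['{"ok":true}']]
    else
      [401, { "Content-Type" => "application/json" }, ['{"error":"unauthorized"}']]
    end
  end
end

APP = OpenCORS.new(TokenAPI.new)

# Minimal Rack-style env for a cross-origin browser request (constructed input).
def cross_origin(method, extra = {})
  { "REQUEST_METHOD" => method, "PATH_INFO" => "/messages",
    "HTTP_ORIGIN" => "https://other.example" }.merge(extra)
end
```

A cross-origin request that carries only a cookie is rejected with 401 like any unauthenticated client, while one that presents the bearer token succeeds.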

More info: