US-12627660-B2 - Cross-origin resource handling for web content
Abstract
One disclosed method involves receiving, by a browser and from a first origin, preauthorization data identifying a plurality of other origins that are permitted to send instructions to the browser that cause the browser to access one or more resources at the first origin, determining, by the browser, that data received from a second origin includes a first instruction to access a first resource at the first origin, determining, by the browser, that the second origin is included among the plurality of other origins identified by the preauthorization data, and accessing, by the browser and based at least in part on the second origin being included among the plurality of other origins, the first resource at the first origin based on the first instruction.
Inventors
- Subramanian Krishnan
Assignees
- CITRIX SYSTEMS, INC.
Dates
- Publication Date: 20260512
- Application Date: 20220509
Claims (16)
- 1. A method, comprising: receiving, by a browser and from a first origin, preauthorization data identifying a plurality of other origins that are permitted to send instructions to the browser that cause the browser to access one or more resources at the first origin; determining, by the browser, that data received from a second origin includes a first instruction to access a first resource at the first origin; determining, by the browser, that the second origin is included among the plurality of other origins identified by the preauthorization data; and accessing, by the browser and based at least in part on the second origin being included among the plurality of other origins, the first resource at the first origin based on the first instruction; receiving, by the browser, additional data from a third origin, the additional data including a second instruction to access a second resource at the first origin; determining, by the browser, that the third origin is unrepresented in the plurality of other origins identified in the preauthorization data; in response to determining that the third origin is unrepresented in the plurality of other origins, sending, by the browser, a pre-access request to the first origin, the pre-access request including an indication of the third origin and the second instruction to access the second resource; receiving, by the browser and from the first origin, an approval in response to the preaccess request; and in response to receiving the approval, accessing, by the browser, the second resource at the first origin based on the second instruction.
- 2. The method of claim 1, further comprising: in response to receiving the data from the second origin, determining that the preauthorization data for the first origin is unavailable at the browser; causing the browser to download of the preauthorization data from the first origin; and storing the preauthorization data in a memory of a computing device on which the browser is being accessed.
- 3. The method of claim 1, further comprising: receiving, by the browser, a user input indicative of at least the first origin, receipt of the user input causing the browser to download the preauthorization data from the first origin.
- 4. The method of claim 3, further comprising: receiving, by the browser, an additional user input indicative of a time period when the preauthorization data from the first origin is to be updated; determining, by the browser, that time elapsed since previous download of the preauthorization data from the first origin satisfies the time period; and in response to the time elapsed satisfying the time period, causing the browser to download updated preauthorization data from the first origin.
- 5. The method of claim 1, wherein the preauthorization data further identifies at least one Hypertext-Transfer-Protocol (HTTP) request method permitted to be used by at least one of the plurality of other origins to send instructions to the browser.
- 6. The method of claim 1, wherein the second origin is identified in the preauthorization data using a domain.
- 7. The method of claim 1, wherein the first origin is identified in the preauthorization data using a Uniform Resource Locator (URL).
- 8. A system, comprising: at least one processor; and at least one computer-readable medium encoded with instructions which, when executed by the at least one processor, cause the system to: receive, by a browser and from a first origin, preauthorization data identifying a plurality of other origins that are permitted to send instructions to the browser that cause the browser to access one or more resources at the first origin; determine, by the browser, that data received from a second origin includes a first instruction to access a first resource at the first origin; determine, by the browser, that the second origin is included among the plurality of other origins identified by the preauthorization data; and access, by the browser and based at least in part on the second origin being included among the plurality of other origins, the first resource at the first origin based on the first instruction; receive, by the browser, additional data from a third origin, the additional data including a second instruction to access a second resource at the first origin, determine, by the browser, that the third origin is unrepresented in the plurality of other origins identified in the preauthorization data; in response to determining that the third origin is unrepresented in the plurality of other origins, send, by the browser, a pre-access request to the first origin, the pre-access request including an indication of the third origin and the second instruction to access the second resource; receive, by the browser and from the first origin, an approval in response to the preaccess request, and in response to receiving the approval, access, by the browser, the second resource at the first origin based on the second instruction.
- 9. The system of claim 8, wherein the at least one computer-readable medium is further encoded with additional instructions which, when executed by the at least one processor, further cause the system to: in response to receiving the data from the second origin, determine that the preauthorization data for the first origin is unavailable at the browser; cause the browser to download of the preauthorization data from the first origin; and store the preauthorization data in a memory of the system on which the browser is being accessed.
- 10. The system of claim 8, wherein the at least one computer-readable medium is further encoded with additional instructions which, when executed by the at least one processor, further cause the system to: receive, by the browser, a user input indicative of at least the first origin, receipt of the user input causing the browser to download the preauthorization data from the first origin.
- 11. The system of claim 10, wherein the at least one computer-readable medium is further encoded with additional instructions which, when executed by the at least one processor, further cause the system to: receive, by the browser, an additional user input indicative of a time period when the preauthorization data from the first origin is to be updated; determine, by the browser, that time elapsed since previous download of the preauthorization data from the first origin satisfies the time period; and in response to the time elapsed satisfying the time period, cause the browser to download updated preauthorization data from the first origin.
- 12. The system of claim 8, wherein the preauthorization data further identifies at least one Hypertext-Transfer-Protocol (HTTP) request method permitted to be used by at least one of the plurality of other origins to send instructions to the browser.
- 13. The system of claim 8, wherein the second origin is identified in the preauthorization data using a domain.
- 14. The system of claim 8, wherein the first origin is identified in the preauthorization data using a Uniform Resource Locator (URL).
- 15. At least one non-transitory computer-readable medium encoded with instructions which, when executed by at least one processor of a system, cause the system to: receive, by a browser and from a first origin, preauthorization data identifying a plurality of other origins that are permitted to send instructions to the browser that cause the browser to access one or more resources at the first origin; determine, by the browser, that data received from a second origin includes a first instruction to access a first resource at the first origin; determine, by the browser, that the second origin is included among the plurality of other origins identified by the preauthorization data; access, by the browser and based at least in part on the second origin being included among the plurality of other origins, the first resource at the first origin based on the first instruction; receive, by the browser, additional data from a third origin, the additional data including a second instruction to access a second resource at the first origin; determine, by the browser, that the third origin is unrepresented in the plurality of other origins identified in the preauthorization data; in response to determining that the third origin is unrepresented in the plurality of other origins, send, by the browser, a pre-access request to the first origin, the pre-access request including an indication of the third origin and the second instruction to access the second resource; receive, by the browser and from the first origin, an approval response to the preaccess request; and in response to receiving the approval, access, by the browser, the second resource at the first origin based on the second instruction.
- 16. The at least one non-transitory computer-readable medium of claim 15, further encoded with additional instructions which, when executed by the at least one processor, further cause the system to: in response to receiving the data from the second origin, determine that the preauthorization data for the first origin is unavailable at the browser; cause the browser to download of the preauthorization data from the first origin; and store the preauthorization data in a memory of the system on which the browser is being accessed.
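The browser-side decision flow recited in claims 1, 2, 4 and 5, sketched as an added example; it is not code from the patent or from Citrix. The shape of the preauthorization data, the hook names `fetchPreauth` and `preAccess`, the refresh interval and the sample origins are assumptions, and an unlisted HTTP method is treated here like an unlisted origin.

```javascript
// Added example: preauthorized origins are checked locally; anything else
// falls back to a pre-access request and is denied unless explicitly approved.
const normalize = (o) => new URL(o).origin; // exact scheme + host + port

function makeBrowser(hooks, refreshMs) {
  const cache = new Map(); // firstOrigin -> { allow: Map(origin -> Set(methods)), fetchedAt }

  function loadPreauth(firstOrigin, now) {
    const entry = cache.get(firstOrigin);
    if (entry && now - entry.fetchedAt < refreshMs) return entry; // still fresh
    const raw = hooks.fetchPreauth(firstOrigin); // missing (claim 2) or stale (claim 4)
    const allow = new Map();
    for (const { origin, methods } of raw.allowed) {
      allow.set(normalize(origin), new Set(methods.map((m) => m.toUpperCase())));
    }
    const fresh = { allow, fetchedAt: now };
    cache.set(firstOrigin, fresh);
    return fresh;
  }

  // instruction: { from: URL of the page issuing it, target: resource URL, method }
  return function decide(instruction, now) {
    const firstOrigin = normalize(instruction.target);
    const from = normalize(instruction.from);
    const method = instruction.method.toUpperCase();
    if (from === firstOrigin) return "same-origin";
    const methods = loadPreauth(firstOrigin, now).allow.get(from);
    if (methods && methods.has(method)) return "preauthorized"; // no round trip
    // Unlisted origin or method: ask the first origin, default to deny.
    return hooks.preAccess(firstOrigin, from, instruction) === true
      ? "approved-by-pre-access" : "denied";
  };
}

// Constructed sample data and stand-in network hooks (all hypothetical).
const calls = { fetch: 0, preAccess: 0 };
const hooks = {
  fetchPreauth: () => {
    calls.fetch++;
    return { allowed: [{ origin: "https://app.example", methods: ["GET", "POST"] }] };
  },
  preAccess: (first, from) => { calls.preAccess++; return from === "https://partner.example"; },
};
const decide = makeBrowser(hooks, 60000);
```

Comparing normalized origins rather than substrings is what keeps `https://app.example.evil.test` and `http://app.example` from matching the preauthorized `https://app.example` entry.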
Description
BACKGROUND
Data and web content hosted by a server, a domain, etc., can be accessed using browsers. Various systems have been developed that allow client devices to access applications, web applications, and/or data files over a network. Certain products offered by Citrix Systems, Inc. of Fort Lauderdale, FL, including the Citrix Workspace™ family of products, provide such capabilities.
SUMMARY
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features, nor is it intended to limit the scope of the claims included herewith.
In some of the disclosed embodiments, a method may involve receiving, by a browser and from a first origin, preauthorization data identifying a plurality of other origins that are permitted to send instructions to the browser that cause the browser to access one or more resources at the first origin, determining, by the browser, that data received from a second origin includes a first instruction to access a first resource at the first origin, determining, by the browser, that the second origin is included among the plurality of other origins identified by the preauthorization data, and accessing, by the browser and based at least in part on the second origin being included among the plurality of other origins, the first resource at the first origin based on the first instruction.
In some of the disclosed embodiments, a system may comprise at least one processor, and at least one computer-readable medium encoded with instructions which, when executed by the at least one processor, cause the system to receive, by a browser and from a first origin, preauthorization data identifying a plurality of other origins that are permitted to send instructions to the browser that cause the browser to access one or more resources at the first origin, determine, by the browser, that data received from a second origin includes a first instruction to access a first resource at the first origin, determine, by the browser, that the second origin is included among the plurality of other origins identified by the preauthorization data, and access, by the browser and based at least in part on the second origin being included among the plurality of other origins, the first resource at the first origin based on the first instruction.
In some of the disclosed embodiments, at least one non-transitory computer-readable medium may be encoded with instructions which, when executed by at least one processor of a system, cause the system to receive, by a browser and from a first origin, preauthorization data identifying a plurality of other origins that are permitted to send instructions to the browser that cause the browser to access one or more resources at the first origin, determine, by the browser, that data received from a second origin includes a first instruction to access a first resource at the first origin, determine, by the browser, that the second origin is included among the plurality of other origins identified by the preauthorization data, and access, by the browser and based at least in part on the second origin being included among the plurality of other origins, the first resource at the first origin based on the first instruction.
BRIEF DESCRIPTION OF THE DRAWINGS
Objects, aspects, features, and advantages of embodiments disclosed herein will become more fully apparent from the following detailed description, the appended claims, and the accompanying figures in which like reference numerals identify similar or identical elements. Reference numerals that are introduced in the specification in association with a figure may be repeated in one or more subsequent figures without additional description in the specification in order to provide context for other features, and not every element may be labeled in every figure. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating embodiments, principles and concepts. The drawings are not intended to limit the scope of the claims included herewith.
FIG. 1 shows an example implementation of a system using Cross-Origin Resource Sharing (CORS) preauthorization data for enabling access to cross-origin resources, in accordance with some embodiments of the present disclosure;
FIG. 2 is a diagram of a network environment in which some embodiments of the novel systems and methods disclosed herein may be deployed;
FIG. 3 is a block diagram of a computing system that may be used to implement one or more of the components of the computing environment shown in FIG. 2 in accordance with some embodiments;
FIG. 4 is a schematic block diagram of a cloud computing environment in which various aspects of the disclosure may be implemented;
FIG. 5B is a block diagram showing an example implementation of the system shown in FIG. 5A in which various resource management services as well as