When I first learned about CORS, I had trouble understanding it because I couldn’t figure out how this protected the server and I couldn’t understand why you would do this just for the client 😄
One thing to note: CORS only makes sense if your API uses cookies for authentication. Most APIs use custom headers, the Authentication header, or even URL tokens; they don’t rely on cookies, so most of the time, APIs don’t care about CORS. People keep blindly repeating that accepting all origins (“*”) is bad for security, but the situations where this is relevant are really uncommon.
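Added example, not part of the comment above: a simplified JavaScript model of the browser-side CORS check from the Fetch standard, showing how the outcome differs between requests that carry cookies and requests that do not. The header names are real; the function names, policy functions and origins are constructed for illustration.

```javascript
// Simplified model of the browser's CORS check (Fetch standard).
// Function names and sample origins are hypothetical, for illustration only.

// Returns true if a script running on `pageOrigin` may read the response.
// credentialsMode: "omit" (no cookies sent) or "include" (cookies sent).
function corsAllowsRead(pageOrigin, credentialsMode, responseHeaders) {
  const allowOrigin = responseHeaders["access-control-allow-origin"];
  const allowCreds = responseHeaders["access-control-allow-credentials"];
  if (allowOrigin === undefined) return false; // no CORS headers: blocked

  if (credentialsMode !== "include") {
    // No cookies on the request: "*" or an exact origin match is enough.
    return allowOrigin === "*" || allowOrigin === pageOrigin;
  }
  // Cookies on the request: "*" is refused by the browser. The origin must
  // match exactly and Allow-Credentials must be the literal string "true".
  return allowOrigin === pageOrigin && allowCreds === "true";
}

// Audit helper: would this server policy let an arbitrary site read
// responses that were authenticated with the visitor's cookies?
function exposesCookieSessions(policy) {
  const probe = "https://untrusted.example"; // constructed origin
  return corsAllowsRead(probe, "include", policy(probe));
}

// Three constructed server policies: (request Origin) -> response headers.
const wildcard = () => ({ "access-control-allow-origin": "*" });
const reflectAnyOrigin = (origin) => ({
  "access-control-allow-origin": origin,
  "access-control-allow-credentials": "true",
});
const allowList = (origin) =>
  origin === "https://app.example"
    ? { "access-control-allow-origin": origin,
        "access-control-allow-credentials": "true" }
    : {};

console.log("wildcard:", exposesCookieSessions(wildcard));                 // false
console.log("reflect any origin:", exposesCookieSessions(reflectAnyOrigin)); // true
console.log("allow list:", exposesCookieSessions(allowList));              // false
```

When reviewing a cookie-authenticated API, the policy to look for is the one that echoes any request origin together with `Access-Control-Allow-Credentials: true`.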
I wonder if XSS, CSRF and other client-side attacks are still common.
Absolutely NOTHING! Good God, y’all.
I get the reference
Enlighten me
I deserve the downvotes, not even mad.



