undefined | Better HN

0 pointsmichaelermer8y ago0 comments

And/or simply implement CORS headers.

0 comments

No, CORS doesn't apply here. CORS regulates cross-origin requests, but the attack here makes the browser think the requests are same-origin.

(Also, CORS can only be used to permit access that would normally be denied. CORS does not offer any way to deny access that is normally permitted.)

j / k navigate · click thread line to collapse

No, CORS doesn't apply here. CORS regulates cross-origin requests, but the attack here makes the browser think the requests are same-origin.

(Also, CORS can only be used to permit access that would normally be denied. CORS does not offer any way to deny access that is normally permitted.)

j / k navigate · click thread line to collapse