0 points
zemnmez
4y ago
CORS tries to prevent CSRF issues by preventing cross-origin cookie authentication.
2 comments · 1 top-level
jefftk
4y ago
Sure, but moving your whole app under a single origin to avoid dealing with CORS doesn't weaken any protection here.
zemnmez
OP
4y ago
if handled correctly, sure. but it also means that implicit cookie authentication ('ambient authority') is possible and can easily happen by accident