Y
Hacker News
new
|
ask
|
show
|
jobs
by
mathias
3708 days ago
> It looks like this is possible because there is not an explicit 'access-control-allow-origin' header set on facebook
CORS has nothing to do with it, actually. This is where the strength of the attack lies.