by oneweekwonder 3137 days ago
But CORS[0] headers can mitigate some of the risk?
[0]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
2 comments
amenghra 3137 days ago
You want CSP headers to mitigate XSS risks.
thefreeman 3137 days ago
Not really. CORS headers are set by the destination of the XHR. In the case of XSS it would be an attacker-controlled server used to exfiltrate user cookies, etc.
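The distinction drawn in the replies above, as an added example that is not part of the original thread: a simplified Node.js model of the two browser checks applied to a cross-origin request. All origins, header values and function names are constructed for illustration; only exact-origin, `'self'` and `*` sources are modelled, and the request is assumed to be a simple (non-preflighted) one.

```javascript
// Simplified model; origins and headers below are constructed samples.
// Parse a CSP header into a directive -> sources map (first occurrence wins).
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// CSP is served by the page's own origin: connect-src (falling back to
// default-src) limits where script on the page may send requests at all.
function cspAllowsConnect(cspHeader, pageOrigin, destUrl) {
  const policy = parseCsp(cspHeader);
  const sources = policy['connect-src'] || policy['default-src'];
  if (!sources) return true; // no applicable directive, nothing is restricted
  const destOrigin = new URL(destUrl).origin;
  return sources.some((src) =>
    src === '*' || src === destOrigin ||
    (src === "'self'" && destOrigin === pageOrigin));
}

// CORS is answered by the destination: it only decides whether the calling
// script may read the response. A simple request has been delivered by then.
function corsAllowsRead(responseHeaders, pageOrigin) {
  const acao = responseHeaders['access-control-allow-origin'];
  return acao === '*' || acao === pageOrigin;
}

function evaluateRequest({ pageOrigin, cspHeader, destUrl, destHeaders }) {
  if (!cspAllowsConnect(cspHeader, pageOrigin, destUrl)) {
    return { sent: false, readable: false, decidedBy: 'page CSP' };
  }
  const readable = corsAllowsRead(destHeaders, pageOrigin);
  return { sent: true, readable, decidedBy: 'destination CORS' };
}

const page = 'https://app.example';
const csp = "default-src 'self'; connect-src 'self' https://api.example";
const other = 'https://other.example/collect'; // origin the page does not control
// No CSP: the request leaves the browser whatever the destination answers.
console.log(evaluateRequest({ pageOrigin: page, cspHeader: '', destUrl: other, destHeaders: {} }));
// With connect-src: the same request is never sent.
console.log(evaluateRequest({ pageOrigin: page, cspHeader: csp, destUrl: other, destHeaders: {} }));
```

`connect-src` governs script-initiated connections such as fetch, XHR and WebSocket; other request types fall under their own CSP directives.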