Y
Hacker News
new
|
ask
|
show
|
jobs
by
thefreeman
3137 days ago
Not really. CORS headers are set by the destination of the XHR. In the case of XSS it would be an attacker controlled server used to exfiltrate user cookies, etc.