Y
Hacker News
new
|
ask
|
show
|
jobs
by
jakelazaroff
2941 days ago
Yup! CORS is meant to protect a service's
users
, not the service itself. Services should always authenticate/distrust user input/etc; no client-side technology makes that unnecessary.