by kilburn 2402 days ago
SameSite cookies are never sent on CORS requests (not even when the server explicitly allows CORS requests with credentials [1]).

In other words: yes, it would have mitigated Bluehost's problems. It would also have broken their sites (or otherwise they would not be needing to use CORS requests at all).

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Ac...
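
Added example (not part of the comment above): a simplified model of the two separate browser decisions involved here, whether a cookie is attached to a credentialed `fetch()`/XHR request and whether the calling script may read the response. The hostnames are constructed, and treating a "site" as the scheme plus the last two host labels is a simplifying assumption.

```javascript
// Added example: simplified model of a browser's cookie decision for fetch()/XHR.
// Assumption: a "site" is scheme + last two host labels; real browsers consult
// the Public Suffix List. All hostnames below are constructed.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;
}

// Is the cookie attached to the outgoing request? This is decided before any
// response exists, so the server's CORS headers cannot influence it.
function cookieAttached({ pageUrl, requestUrl, sameSite, credentials }) {
  const crossOrigin = new URL(pageUrl).origin !== new URL(requestUrl).origin;
  const crossSite = siteOf(pageUrl) !== siteOf(requestUrl);
  if (credentials === 'omit') return false;
  if (credentials === 'same-origin' && crossOrigin) return false;
  // Strict and Lax both withhold the cookie on cross-site subresource requests;
  // Lax only relaxes this for top-level navigations, which fetch()/XHR are not.
  if (crossSite && sameSite !== 'None') return false;
  return true;
}

// May the calling script read the response to a credentialed request?
function responseReadable({ pageUrl, requestUrl, responseHeaders }) {
  const origin = new URL(pageUrl).origin;
  if (origin === new URL(requestUrl).origin) return true;
  return responseHeaders['access-control-allow-origin'] === origin &&
         responseHeaders['access-control-allow-credentials'] === 'true';
}

function decisionTable() {
  const requestUrl = 'https://api.hosting.test/account';
  const rows = [];
  for (const pageUrl of ['https://widgets.partner.test/', 'https://my.hosting.test/']) {
    const origin = new URL(pageUrl).origin;
    // The server opts in to credentialed CORS for this origin.
    const responseHeaders = { 'access-control-allow-origin': origin,
                              'access-control-allow-credentials': 'true' };
    for (const sameSite of ['Strict', 'Lax', 'None']) {
      const cookie = cookieAttached({ pageUrl, requestUrl, sameSite, credentials: 'include' });
      rows.push({ origin, sameSite, cookie,
                  readable: responseReadable({ pageUrl, requestUrl, responseHeaders }) });
    }
  }
  return rows;
}

console.table(decisionTable());
```

The first three rows are requests from another site and the last three are from a sibling subdomain of the API host, included for contrast.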