|
|
|
|
|
|
by elken
1803 days ago
|
|
|
That's an interesting find thanks. I was not aware of no-cors mode. It seems though that a browser would not allow 'non-simple' headers in no-cors mode[0]. Authorization headers for example would not be allowed (if i'm reading correctly). So any API using that header would not be affected by this issue right? [0] https://developer.mozilla.org/en-US/docs/Web/API/Request/mod... |
|
|