|
|
|
|
|
|
by staticassertion
1808 days ago
|
|
|
Right but that's why CORS exists, so I'm trying to figure out what this mitigation is for. Like, you can't just fetch with credentials by accident - I guess if you don't use http cookies, which sure that's fine, maybe you can? This isn't my area of security so I'm trying to figure out what the scenario is supposed to be where this mitigation is important. |
|
|