|
|
|
|
|
|
by jsiepkes
1613 days ago
|
|
|
As far as I understand it everything should still work with permission. You just need to request permission first: > the preflight requests will request permission from target websites to send HTTP requests with the header Access-Control-Request-Private-Network: true. If permission is granted, the response will carry the header Access-Control-Allow-Private-Network: true. "This ensures that the target server understands the CORS protocol and significantly reduces the risk of CSRF attacks," said Rigoudy and Kitamura. |
|
|