Hacker News
by codedokode 8 days ago
When adding new HTTP methods, they should have included protection against cross-domain requests in the method, i.e. the server should not respond to QUERY requests from another domain by default and the browser should not include cookies and auth in cross-domain requests. It was a mistake not to disable cross-domain GET/POST requests and it should not be repeated.