Comment by wnevets
7 years ago
> like sending requests as JSON requires an extra (pre-flight) request, so in my script I use the "text/plain" content type, which does not require an extra request.
what are the security implications of this?
7 years ago
> like sending requests as JSON requires an extra (pre-flight) request, so in my script I use the "text/plain" content type, which does not require an extra request.
what are the security implications of this?
He's talking about skipping CORS by using a "plain" request. Avoiding CORS is not a huge security vulnerability afaik.