Slacker News Slacker News logo featuring a lazy sloth with a folded newspaper hat
  • top
  • new
  • show
  • ask
  • jobs
Library
← Back to context

Comment by bastawhiz

4 hours ago

I think cors can prevent that. You can't make a cross origin request from an origin that isn't allowlisted

2 comments

bastawhiz

Reply
15155  2 hours ago

Timing attack on the preflight.

inetknght  3 hours ago

You really think a server-controlled CORS list will protect you from a client-side configuration issue?

Slacker News

Product

  • API Reference
  • Hacker News RSS
  • Source on GitHub

Community

  • Support Ukraine
  • Equal Justice Initiative
  • GiveWell Charities