As we have a proper understanding of the CORS from the last chapter. We know that CORS prevents malicious JavaScript from reading responses, not from sending requests.
This means a CSRF attack can still succeed even on perfectly configured CORS setup.
Leave a comment
Your email address will not be published. Required fields are marked *