alt Hacker NewsSounds like they have not got CORS set up on their servers either? Surely it should not allow mutating requests from random origins not on an allowlist?
Sounds like they have not got CORS set up on their servers either? Surely it should not allow mutating requests from random origins not on an allowlist?
CORS has nothing to do with (dis)allowing 'mutating requests from random origins' on the server unless I'm misunderstanding what you mean. The origin is a browser concept.