I think cors can prevent that. You can't make a cross origin request from an origin that isn&#x...

bastawhiz • yesterday at 7:45 PM • 2 replies • view on HN

I think cors can prevent that. You can't make a cross origin request from an origin that isn't allowlisted

15155 • yesterday at 9:45 PM

Timing attack on the preflight.

inetknght • yesterday at 9:29 PM

You really think a server-controlled CORS list will protect you from a client-side configuration issue?

alt Hacker News