DEV Community


Discussion on: Why Facebook's api starts with a for loop

antogarand profile image
Antony Garand Author

Cors wouldn't work on old browsers, and CORS is also used on the source site to limit what can be accessed from this website.

What is happening here is the opposite: An attacking website want to access information from another one.

Also note that this vulnerability is over 10 years old, well older than CORS :)