re: Understanding CORS

re: You should protect against CSRF on any inputs that can change state imo.
 
  • CSRF is Cross-site request forgery
  • CORS is Cross-origin resource sharing

If no one from another origin is able to make requests to your site (CORS disabled),
then CSRF is redundant imo.

But that's not what CORS does. Re-read the warning in the article.
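
Added example, not part of the comment above or of the article it refers to: a simplified model of when a browser sends a cross-origin request without a preflight, next to the server-side CSRF token check that still has to run. The function names, the `csrf_token` field and the sample requests are hypothetical and constructed for illustration.

```javascript
// Simplified model of the Fetch "CORS-safelisted" rules (assumption: header
// value-length limits and the Range header are left out for brevity).
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// True if a browser would send an OPTIONS preflight before the real request.
function needsPreflight(method, headers = {}) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.has(n)) return true;
    if (n === "content-type" && !SAFE_TYPES.has(value.split(";")[0].trim().toLowerCase())) return true;
  }
  return false;
}

// Compares every character rather than stopping at the first mismatch.
function tokensMatch(expected, submitted) {
  if (typeof expected !== "string" || typeof submitted !== "string") return false;
  if (expected.length === 0 || expected.length !== submitted.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) diff |= expected.charCodeAt(i) ^ submitted.charCodeAt(i);
  return diff === 0;
}

// Hypothetical state-changing handler on a server that sends no CORS headers.
// Without those headers the calling page cannot read the response, but a
// non-preflighted request has already arrived, so the token check is what
// decides whether state changes.
function handleStateChange(req, session) {
  if (!tokensMatch(session.csrfToken, req.body.csrf_token)) return { status: 403, changed: false };
  return { status: 200, changed: true };
}

// Constructed sample requests and session.
const formPost = { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: { amount: "10" } };
const jsonPost = { method: "POST", headers: { "Content-Type": "application/json" }, body: {} };
const session = { csrfToken: "constructed-token-1f9c" };

console.log("form POST preflighted:", needsPreflight(formPost.method, formPost.headers));
console.log("JSON POST preflighted:", needsPreflight(jsonPost.method, jsonPost.headers));
console.log("form POST without token:", handleStateChange(formPost, session));
```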
