loading...

re: ✋🏼🔥 CS Visualized: CORS VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Thank you for the article. I have been in web dev for few years but didn't know about simple and preflighted requests. Can we fake an "origin" head...
 

Origin is actually a "forbidden header", you can't manually set it! 😊 We can't fake the Origin header that way.

However, making the exact same request outside a browser (eg. cURL) would give you access to the resources!

code of conduct - report abuse