Ask HN: Has CORS Solved Anything?
Personally I see it only as something that needs to be implemented on the server so the browser doesn't error out and the user won't freak out. Beside that it's just like a lock on a door... in a house... with no walls.... in the middle of a desert... on mars.
4 comments
[ 4.4 ms ] story [ 19.6 ms ] threadI recently got a bug bounty for finding a CORS vulnerability and showing a proof of concept phishing site that uses all of the resources from the genuine origin. The site was accepting a wildcard origin whereas it should've used a whitelist.