Comment by layer8

Comment by layer8 3 days ago

0 replies

View on Hacker News

CORS doesn’t prevent requests (i.e. GET requests from IMG tags, or XHR preflight requests), it only prevents web apps from processing the response if the responding server doesn’t agree. And a simple GET or even OPTIONS request can be enough to exploit vulnerabilities in routers and other local devices.