Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
(and if not, does it actually improve client side security?)
I’m thinking of the case where a script from server X uses XHR to obtain and run untrusted code from server Y (which supports CORS).
(obviously evaluating untrusted code is bad™)
I do not use CORS to improve security at all. I use CORS to access a known webservice on a different domain which I would not be allowed to access without CORS. Nothing to do with improving security in my opinion, but to allow data from one domain to be entrusted to another.