Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Nope, it would not have been prevented by CORS.

CORS prevents reading from a resource, not from sending the request.

If you find that surprising, think about that the JS could also have for example created a form with the vote page as the target and clicked on the submit button. All completely unrelated to CORS.



> CORS prevents reading from a resource

CORS does nothing of the sort. It does the exact opposite – it’s explicitly designed to allow reading a resource, where the SOP would ordinarily deny it.


Even mdn calls it "violating the CORS security rules" instead of SOP rules: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/COR...

Anyway, this is lame low effort trolling for some unknown purpose. Stop it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: