Why do we have both CSRF protection and CORS?


I thought about cross-site requests and realised we have both CSRF protection and CORS, and it doesn't make sense at first glance.

- JS-initiated fetch and XMLHttpRequest
- web fonts
- WebGL textures
- images/video frames drawn to a canvas using drawImage
- CSS shapes from images

Until then, we will have to live with the situation where simple POST requests are special and allowed cross-site, while others fall into the CORS bucket.
