With the existance of CORS, what further purpose does same origin policy serve?
I’ve been using CORS for a while and I think I understand it. But as far as I can tell, because the allow-origin header is provided by the server being called, which an attacker can control as they see fit, same origin policy cannot preven… Continue reading With the existance of CORS, what further purpose does same origin policy serve?