Access-Control-Allow-Origin and security behind it
I have some trouble understanding how the header “Access-Control-Allow-Origin” can really be secure. Let me explain what I have in mind:
Let’s say I have an API on api.contoso.com setting this header: Access-Control-Allow-Origin: https:/…