Hacker News

felipelemos on Dec 27, 2018, on: Ask HN: What do you use for authentication and aut...
CORS is not a tool to turn resources private, but to protect the browser (not the server's content) from cross domain requests.

scottydelta on Dec 27, 2018
Exactly, the attacker can always not use the browser and emulate a browser request if motivated enough.

throwawaymath on Dec 27, 2018
Yes, that's precisely why CORS is a poor fit for authentication :)

askmike on Dec 28, 2018
Sure, but I don't see why the tip in OP is "don't use CORS". To me that implies there is actually something insecure about using it.

throwawaymath on Dec 28, 2018
Yeah you can use CORS securely, there are just pitfalls to look out for.
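
The distinction drawn in this thread, as an added example that is not part of any comment above: CORS headers only tell a browser whether page script may read a response, so access control has to be a separate server-side check. The origin, token and function names are constructed for illustration.

```javascript
// Constructed sample values, not taken from the thread.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const VALID_TOKENS = new Set(["constructed-token-123"]);

// CORS layer: only chooses response headers. It never withholds the body.
function corsHeaders(origin) {
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  }
  return { "Vary": "Origin" };
}

// Relies on CORS alone: the data is sent no matter who asks.
function handleCorsOnly(req) {
  return { status: 200, headers: corsHeaders(req.headers.origin), body: "private data" };
}

// Authenticates first: the server itself decides whether to send the data.
function handleWithAuth(req) {
  const headers = corsHeaders(req.headers.origin);
  const auth = req.headers.authorization || "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : "";
  if (!VALID_TOKENS.has(token)) {
    return { status: 401, headers: { ...headers, "WWW-Authenticate": "Bearer" }, body: "" };
  }
  return { status: 200, headers, body: "private data" };
}

// Model of the browser side: script on pageOrigin may read the response
// only if Access-Control-Allow-Origin matches. Enforcement lives in the browser.
function browserExposesToScript(pageOrigin, res) {
  const acao = res.headers["Access-Control-Allow-Origin"];
  return acao === "*" || acao === pageOrigin;
}

// A client that is not a browser sends no Origin and ignores CORS headers.
const scripted = { headers: {} };
console.log(handleCorsOnly(scripted).body);   // "private data"
console.log(handleWithAuth(scripted).status); // 401
```
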