On Sat, 21 Aug 2010 03:59:09 +0200, Devdatta Akhawe dev.akh...@gmail.com
wrote:
It seems that over here facebook is a benign server that some time in
the past assumed that XHR can only be same origin, and with the
introduction of cross origin XHR is suddenly vulnerable to XSS. In
general, a
Hi
The CORS specification in its current form seems to be very concerned
about increasing attack surface of benign servers (the preflight
request etc. concern). Seeing [1] I am concerned about the other case
- benign clients and malicious cross origin servers.
for the tl;dr crowd - my (possibly