top | item 45589187

(no title)

kevinyew | 4 months ago

You can if you want to deliberately CORF yourself for some reason - it's there to protect you, but spoofing it doesn't give you any special access you wouldn't otherwise have.

The point is that arbitrary user's browsers out in the world won't spoof the Origin header, which is protecting them from CORF attacks.

discuss

No comments yet.