Monday, 24 August 2020

Why is CORS enforced on client (web browser) and not on server? [duplicate]

I know that CORS enforcement happens such that the server sends the CORS policy in HTTP headers and the client (web browser) enforces it, but why is that? How can the server rely on the client enforcing its security rules? Wouldn't it be easy for the client to just ignore them on purpose? Or for hackers to hack the web client such that CORS doesn't apply?



