Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
smagin
11 months ago
|
parent
|
context
|
favorite
| on:
Why do we have both CSRF protection and CORS?
You shouldn't need your session token in JS, you can specify your fetch requests to include cookies, and you can setup CORS to allow that.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
