> > What stops a script on evil.com from going to bank.com... > CORS Incorrect. ...

		Sohcahtoa82 11 months ago \| parent \| context \| favorite \| on: Why do we have both CSRF protection and CORS? > > What stops a script on evil.com from going to bank.com... > CORS Incorrect. It's SOP that prevents an evil.com script from going to bank.com It's CORS that allows evil.com. CORS is an insecurity feature that relaxes the SOP.