Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Retr0id
3 months ago
|
parent
|
context
|
favorite
| on:
Why do we have both CSRF protection and CORS?
Nothing prevents this, but the client must still emit preflight checks (an extra round-trip) for
every
endpoint, and again if headers need to change.
Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
