Skip to content
This repository has been archived by the owner on Aug 23, 2022. It is now read-only.

Suggestion: you could avoid disabling CORS #12

Closed
andrew-sol opened this issue Feb 27, 2022 · 1 comment · Fixed by #20
Closed

Suggestion: you could avoid disabling CORS #12

andrew-sol opened this issue Feb 27, 2022 · 1 comment · Fixed by #20
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed up-for-grabs This can be made a pull request

Comments

@andrew-sol
Copy link

You could avoid disabling CORS by using img or iframe tags instead of fetch. It's an old XSS technic. It's also possible to create an image element programmatically without inserting it into the DOM. Do the research if you're interested.
@dimention
Copy link

You can also use mode: 'no-cors' for fetch

@ajax-lives ajax-lives added up-for-grabs This can be made a pull request enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed labels Feb 27, 2022
@MoonTM-GIT MoonTM-GIT mentioned this issue Feb 27, 2022
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed up-for-grabs This can be made a pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disabled CORS as suggested by dimention
3 participants
@dimention @ajax-lives @andrew-sol