1 post
A permissive CORS header delegates the read decision to the requester, letting attacker script read authenticated responses through the victim's own browser.
