Request new functionality here
Isn't the idea to allow cross-site requests specifically for the API (where requests contain explicit authentication as opposed to cookies) while still maintaining XSS protection for the rest of the site?
- ^ me reading your posts ^
- Posts: 6318
- Joined: 27 Aug 2005, 22:53
- Location: Saint-Petersburg, Russia
API supports authentication via cookies, I think. Which could be XSS'd in case of a terrible shitty "web app" written by some idiot.