DEV Community

Discussion on: Understanding CORS

Collapse
 
iamandrewluca profile image
Andrei Luca

Now I get it.
But can the attacker make a simple request, and get a CSRF token,
then make second request with that token included?