DEV Community

[Comment from a deleted post]
Collapse
 
jonathanray profile image
Jonathan Ray

Thank you for this web app security article. I think you have confused CORS and CSP (Content Security Policy). CSP is what protects against XSS attacks.