DEV Community

loading...

Discussion on: ✋🏼🔥 CS Visualized: CORS

Collapse
lydiahallie profile image
Lydia Hallie Author

Origin is actually a "forbidden header", you can't manually set it! 😊 We can't fake the Origin header that way.

However, making the exact same request outside a browser (eg. cURL) would give you access to the resources!