1 Matching Annotations
  1. Apr 2020
    1. Without same-origin policy, that hacker website could make authenticated malicious AJAX calls to https://examplebank.com/api to POST /withdraw even though the hacker website doesn’t have direct access to the bank’s cookies.

      Cross-domain vulnerability