Re: Redirect and Origin

On Tue, Jun 9, 2009 at 2:20 PM, Tyler Close<tyler.close@gmail.com> wrote:
> I had thought CORS, by it's use of Origin, was meant to be a safe
> replacement for JSON-P.

Can you explain again how the attack works for Origin-header-for-CORS?
 Keep in mind that the response is delivered to the original
requester, who should be accurately identified by the Origin header
(even through redirects).

Adam

Received on Tuesday, 9 June 2009 21:53:20 UTC