
Yes, but that doesn't mean we should build a website that has its CSRF security depend on the Content-Type header. There are other mechanisms to gain this security that are less confusing.


Sure, nothing wrong with an additional (trivial) check, though.
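Added example, not part of the thread: a minimal server-side decision function in which a per-session token is the control that CSRF protection depends on and the Content-Type test is only an additional check. The header name `x-csrf-token`, the function names and the sample requests are assumptions constructed for illustration.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def media_type(headers):
    """Return the lower-cased media type without parameters ('' if absent)."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()

def csrf_decision(method, headers, session_token):
    """Return (allowed, reason). `headers` is a dict with lower-cased names."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # Primary control: per-session token echoed in a custom header
    # (hypothetical header name). Compared in constant time.
    sent = headers.get("x-csrf-token", "")
    if not session_token or not hmac.compare_digest(
        sent.encode(), session_token.encode()
    ):
        return False, "csrf token missing or wrong"
    # Additional check: a JSON endpoint has no reason to accept the body
    # types an HTML form can submit (urlencoded, multipart, text/plain).
    if media_type(headers) != "application/json":
        return False, "unexpected content type"
    return True, "ok"

# Constructed sample requests: (method, headers)
TOKEN = "constructed-session-token"
SAMPLES = [
    ("POST", {"content-type": "application/json"}),  # right type, no token
    ("POST", {"content-type": "text/plain", "x-csrf-token": TOKEN}),
    ("POST", {"content-type": "application/json; charset=utf-8",
              "x-csrf-token": TOKEN}),
]

def run_samples():
    """Evaluate every constructed sample against the session token."""
    return [csrf_decision(m, h, TOKEN) for m, h in SAMPLES]

if __name__ == "__main__":
    for (method, headers), result in zip(SAMPLES, run_samples()):
        print(method, headers.get("content-type"), "->", result)
```

The first sample shows the ordering that matters: a request with the expected Content-Type but no token is still refused, so the header check never carries the decision on its own.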



