
  • 2c -- most people (especially in the beginning) write sites assuming a user at a browser is using the service. They haven't considered the case that a third-party malicious site evil.com is probing his API. Returning a * sorta means you've considered this. Although not if you just set your server to respond with a *, and your particular site may not have considered this. I still think the spec is cumbersome and seems too server-centric. Commented Feb 16, 2017 at 23:10
  • This is the correct answer. If I have a native app, I can make whatever cross-site cookie-less requests I want, but in the browser, that is not allowed. :( Commented Aug 14, 2018 at 12:46