example.com -> example.org (processes the request, sends the response) -> the browser won't allow it because the domain is different from example.com -> throws an error
Notice that the method (on .org) still gets called, but the response is blocked.
CSRF protection blocks the request entirely, so the method is never called. That is the difference.
We can have a whitelist and allow some domains (origins).
Preflight request = a test request (an HTTP OPTIONS request the browser sends first) that asks whether the endpoint allows the cross-origin call, not just whether it is alive.
CORS can be configured just like CSRF, with a lambda.
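Added example (not from the original notes or the lesson): a simplified JavaScript model of the flow above, showing that a simple cross-origin request still runs the method on example.org while a preflighted request from a non-whitelisted origin never reaches it. The origin https://other.example, the PUT call and all function names are assumptions made for the illustration.

```javascript
// Simplified CORS model, constructed for illustration (no Allow-Headers checks).
const ALLOWED_ORIGINS = new Set(["https://example.com"]); // the whitelist
const ALLOWED_METHODS = ["GET", "POST", "PUT"];
let handlerCalls = 0; // how often the endpoint's method actually ran

// Server (example.org): answers preflights, otherwise runs the method.
function server(req) {
  const allowed = ALLOWED_ORIGINS.has(req.origin);
  const headers = allowed ? { "access-control-allow-origin": req.origin } : {};
  if (req.method === "OPTIONS") {
    // Preflight: reports what is permitted; the method is not invoked.
    if (allowed) headers["access-control-allow-methods"] = ALLOWED_METHODS.join(", ");
    return { status: 204, headers, body: null };
  }
  handlerCalls += 1; // runs whatever the Origin header says
  return { status: 200, headers, body: "done" };
}

// Browser: enforces CORS on behalf of a page loaded from pageOrigin.
function browserFetch(pageOrigin, method, contentType) {
  const simple = ["GET", "HEAD", "POST"].includes(method) &&
    [undefined, "text/plain", "multipart/form-data",
     "application/x-www-form-urlencoded"].includes(contentType);
  if (!simple) {
    const pre = server({ origin: pageOrigin, method: "OPTIONS" });
    const methods = (pre.headers["access-control-allow-methods"] || "").split(", ");
    if (pre.headers["access-control-allow-origin"] !== pageOrigin ||
        !methods.includes(method)) {
      return { sent: false, readable: false, body: null }; // real request never sent
    }
  }
  const res = server({ origin: pageOrigin, method });
  const readable = res.headers["access-control-allow-origin"] === pageOrigin;
  return { sent: true, readable, body: readable ? res.body : null };
}

// Three cases, recording the method-call count after each.
function demo() {
  handlerCalls = 0;
  const out = {};
  out.simpleOther = browserFetch("https://other.example", "POST", "text/plain");
  out.afterSimpleOther = handlerCalls; // method ran, response withheld
  out.putOther = browserFetch("https://other.example", "PUT", "application/json");
  out.afterPutOther = handlerCalls; // unchanged: preflight failed
  out.putGood = browserFetch("https://example.com", "PUT", "application/json");
  out.afterPutGood = handlerCalls;
  return out;
}
console.log(demo());
```

The first case is why CORS alone does not protect state-changing endpoints: the server-side method has already run by the time the browser withholds the response.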