Is CORS a secure way to do cross-domain AJAX requests?

by

The purpose is to prevent this –

  • You go to website X
  • The author of website X has written an evil script which gets sent to your browser
  • that script running on your browser logs onto your bank website and does evil stuff and because it’s running as you in your browser it has permission to do so.

The ideas is that your bank’s website needs some way to tell your browser if scripts on website X should be trusted to access pages at your bank.

More Related Contents:

  1. Origin is not allowed by Access-Control-Allow-Origin
  2. CORS error on same domain?
  3. Understanding AJAX CORS and security considerations
  4. How does Access-Control-Allow-Origin header work?
  5. jQuery AJAX cross domain
  6. Loading cross-domain endpoint with AJAX
  7. jQuery XML error ‘ No ‘Access-Control-Allow-Origin’ header is present on the requested resource.’
  8. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access
  9. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  10. No ‘Access-Control-Allow-Origin’ header is present on the requested resource error
  11. Cross-Origin Read Blocking (CORB)
  12. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  13. Firefox ‘Cross-Origin Request Blocked’ despite headers [closed]
  14. Why does the preflight OPTIONS request of an authenticated CORS request work in Chrome but not Firefox?
  15. How do I send an AJAX request on a different port with jQuery?
  16. AngularJS POST Fails: Response for preflight has invalid HTTP status code 404
  17. Javascript – No ‘Access-Control-Allow-Origin’ header is present on the requested resource
  18. Cross Domain Resource Sharing GET: ‘refused to get unsafe header “etag”‘ from Response
  19. Canvas tainted by cross-origin data
  20. What’s to stop malicious code from spoofing the “Origin” header to exploit CORS?
  21. How to allow CORS in react.js?
  22. CORS cookie credentials from mobile WebView loaded locally with file://
  23. Javascript module not working in browser?
  24. Solve Cross Origin Resource Sharing with Flask
  25. How to Detect Cross Origin (CORS) Error vs. Other Types of Errors for XMLHttpRequest() in Javascript
  26. Cross-domain connection in Socket.IO
  27. Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR
  28. XMLHttpRequest: Network Error 0x80070005, Access is denied on Microsoft Edge (but not IE)
  29. CORS error with jquery
  30. Phonegap-Javascript sending cross-domain ajax request

Leave a Comment