Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

When adding new HTTP methods, they should have included protection against cross-domain requests into the method, i.e. the server should not response to QUERY requests from another domain by default and the browser should not include cookies and auth in cross-domain requests. This was a mistake not to disable cross-domain GET/POST requests and it should not be repeated.


Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: