10
phez
6y

Fuck CORS.
Three hours into trying to make it fucking work... YES BROWSER I ALLOWED ALL ORIGINS WHY DONT YOU WORK 😭😭

Comments
  • 2
    Check if the server is really sending the Access-Control-Allow-Origin header with curl

    curl -sSL -D - fonts.googleapis.com/css/... -o /dev/null

    (obv. change the url to the one you're testing)
  • 0
    I was just going all rage mode and thought the problem is with my proxy that I use for the requests. But apparently are not even able to send requests to localhost?!
  • 0
    Maybe this can help you when testing things locally : https://chrome.google.com/webstore/...
  • 4
    CORS is awesome and can literally safe an ass or two in XSS situations (and similar)
  • 0
    Trace backwards. From the actual header.
Add Comment