You shouldn't need your session token in JS, you can specify your fetch requests... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

smagin 69 days ago | parent | context | favorite | on: Why do we have both CSRF protection and CORS?

You shouldn't need your session token in JS, you can specify your fetch requests to include cookies, and you can setup CORS to allow that.

Consider applying for YC's Summer 2025 batch! Applications are open till May 13
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact