> Only the janitor's department calling in can dial that sequence
replyIs this the case though? Cannot any website use the same trick Adobe does to check whether you have Creative Cloud installed? Like, the entries in /etc/hosts are not magically scoped to work just on Adobe's web, no?
I think cors can prevent that. You can't make a cross origin request from an origin that isn't allowlisted
replyTiming attack on the preflight.
replyYou really think a server-controlled CORS list will protect you from a client-side configuration issue?
reply