I know discussions are preferred here for feature requests, but GitHub did not allow me to create a new Discussion.
I was looking for a quick way to verify CORS for my web application. I wanted to see how my application would respond to various requests made from a different origin, to ensure that my resources were adequately protected.
For my specific use case, I wanted to see if it was possible for a cross-origin request to be made which included a custom header. This custom header provides a defense against CSRF attacks when properly configured (https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#employing-custom-request-headers-for-ajaxapi)
I know discussions are preferred here for feature requests, but GitHub did not allow me to create a new Discussion.
I was looking for a quick way to verify CORS for my web application. I wanted to see how my application would respond to various requests made from a different origin, to ensure that my resources were adequately protected.
For my specific use case, I wanted to see if it was possible for a cross-origin request to be made which included a custom header. This custom header provides a defense against CSRF attacks when properly configured (https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#employing-custom-request-headers-for-ajaxapi)