Confusion over > "Unfortunately, this does not block the above request as it does not use JavaScript (so CORS is not applicable)."
igauravsehrawat opened this issue · 3 comments
igauravsehrawat commented
Here https://github.com/pillarjs/understanding-csrf#disable-cors
It is unclear what doesn't use JavaScript? Is it GET? One can make a GET
request with AJAX, right?
It would be nice if someone clears the confusion over this.
Thanks
jonathanong commented
The request above was a <form> request, which is not JavaScript and thus is susceptible to CSRF attacks.
igauravsehrawat commented
Thanks @jonathanong
Can there be more such types of requests?
dougwilson commented
The wording in the doc is just about the form example directly above and how it does not use JavaScript.
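
An added example, not part of the original thread or of the pillarjs document: a simplified model of the Fetch standard's CORS rules showing which cross-origin requests still reach the server when CORS is disabled, and therefore still need a CSRF token check. It goes beyond the form case discussed above to cover script-initiated requests too; the function names and sample requests are constructed for illustration.

```javascript
// Simplified model of the Fetch standard's CORS rules (added illustration).
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SAFE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// True when a cross-origin fetch/XHR must be preceded by an OPTIONS preflight.
function needsPreflight({ method = 'GET', headers = {} }) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SAFE_HEADERS.has(lower)) return true;
    if (lower === 'content-type') {
      const mime = String(value).split(';')[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mime)) return true;
    }
  }
  return false;
}

// With CORS disabled (no Access-Control-* response headers), is the request
// stopped by the browser before the server handler runs?
function stoppedByDisabledCors(request) {
  // A <form> submission is a navigation, so CORS is never consulted.
  if (request.initiator === 'form') return false;
  // A script request is stopped only if it needs a preflight, which then fails.
  return needsPreflight(request);
}

// Constructed sample requests (hypothetical, for illustration only).
const samples = [
  { name: 'form POST', initiator: 'form', method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' } },
  { name: 'fetch POST urlencoded', initiator: 'script', method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' } },
  { name: 'fetch POST JSON', initiator: 'script', method: 'POST',
    headers: { 'Content-Type': 'application/json' } },
  { name: 'fetch DELETE', initiator: 'script', method: 'DELETE', headers: {} },
];

// Names of requests that still reach the server and so need a CSRF token check.
function needCsrfDefense(requests) {
  return requests.filter((r) => !stoppedByDisabledCors(r)).map((r) => r.name);
}

console.log(needCsrfDefense(samples));
```

For the non-preflighted script request, disabling CORS only prevents the calling page from reading the response; the server has already processed the request.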