pillarjs/understanding-csrf

Confusion over > "Unfortunately, this does not block the above request as it does not use JavaScript (so CORS is not applicable)."

igauravsehrawat opened this issue · 3 comments

Here https://github.com/pillarjs/understanding-csrf#disable-cors

It is unclear what doesn't use JavaScript. Is it GET? One can make a GET request with AJAX, right?

It would be nice if someone clears the confusion over this.

Thanks

The request above was a `<form>` request, which is not JavaScript and thus is susceptible to CSRF attacks.

Thanks @jonathanong

Can there be more such types of requests?

The wording in the doc is just about the form example directly above and how it does not use JavaScript.
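
The distinction discussed in this thread, as an added example that is not part of the issue or of the pillarjs guide: it sorts a request into one a plain `<form>` can send (CORS is never consulted), one a script can send without a preflight, and one that needs a preflight. The descriptor shape (`method`, `contentType`, `headers`) and the sample requests are assumptions made for illustration, and the header safelist is simplified.

```javascript
// Added example: the request descriptors are constructed, not captured traffic.
// `headers` lists only the extra headers a script sets (hypothetical field).
const FORM_METHODS = new Set(['GET', 'POST']);
const SIMPLE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SIMPLE_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);
// Simplified CORS safelist (the Fetch spec also limits values and allows some Range headers).
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language', 'content-type']);

function essence(contentType) {
  return (contentType || '').split(';')[0].trim().toLowerCase();
}

function hasSimpleBody(req) {
  const type = essence(req.contentType);
  return type === '' || SIMPLE_TYPES.has(type);
}

// A plain <form> can send this without any script, so CORS is never consulted.
function formCanSend(req) {
  const extra = req.headers || [];
  return FORM_METHODS.has(req.method.toUpperCase()) && hasSimpleBody(req) && extra.length === 0;
}

// fetch/XHR from another origin must pass a CORS preflight before this is sent.
function scriptNeedsPreflight(req) {
  const extra = req.headers || [];
  const safeHeaders = extra.every((h) => SAFELISTED.has(h.toLowerCase()));
  return !(SIMPLE_METHODS.has(req.method.toUpperCase()) && hasSimpleBody(req) && safeHeaders);
}

function classify(req) {
  if (formCanSend(req)) return 'form: CORS not applicable';
  if (!scriptNeedsPreflight(req)) return 'script, no preflight: request still reaches the server';
  return 'script, preflight: a restrictive CORS policy stops it';
}

const samples = [
  { method: 'POST', contentType: 'application/x-www-form-urlencoded' },
  { method: 'HEAD' },
  { method: 'POST', contentType: 'application/json' },
  { method: 'GET', headers: ['X-Requested-With'] },
];
for (const s of samples) console.log(JSON.stringify(s), '->', classify(s));
```

Only the last category is stopped by a restrictive CORS policy; the first two arrive at the server with the user's cookies, so they need a separate CSRF defense.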