@kristjanmik
@jsconfis organizer, @rvkjs community leader, maker of things and co-founder of @Watchbox_app
Killing CORS Preflight Requests on a React SPA
Damon Aw
1177
Even though the request is made via HTTPS the url and query string can still be sniffed quite easily while the header payload is encrypted
