24Kas
CORS error but only from AJAX and not from HTML form
I study web attacks. I find that it is possible to submit a form with HTML from another origin to the victim server. But if I use AJAX, then I get a CORS error. Is this the expected behavior? If yes, why? The victim has not set any "Allow-Origin" header at all.