Definitely not. The more likely attack vector for CSRF is for non-XHR requests (regular GET and POST), which aren't subject to CORS anyway. You need to check your URLs for the types of requests they allow, and protect accordingly. CORS actually makes this safer, if you can be sure it is being used.
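An added example, not part of the original answer: a Python sketch of the URL check described above, flagging state-changing routes that a plain cross-site HTML form can reach without any CORS involvement, plus a session-bound token check to protect them. The route table, its field names and the HMAC token scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# What a plain HTML form on another site can send, cookies included, with no
# CORS check at all: only these methods and these enctype values.
FORM_METHODS = {"GET", "POST"}
FORM_ENCTYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}


def form_can_send(method, content_type=None):
    """True if a cross-site HTML form can produce this request."""
    if method.upper() not in FORM_METHODS:
        return False
    if method.upper() == "GET" or content_type is None:
        return True
    return content_type.split(";")[0].strip().lower() in FORM_ENCTYPES


def form_reachable_unprotected(routes):
    """Paths that change state, are form-reachable, and have no token check."""
    return [r["path"] for r in routes
            if r["changes_state"] and not r["csrf_token"]
            and any(form_can_send(m, r.get("accepts")) for m in r["methods"])]


def issue_token(secret, session_id):
    """Per-session token: random nonce plus HMAC-SHA256 over session id and nonce."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def token_valid(secret, session_id, token):
    """Constant-time check that the token was issued for this session."""
    nonce, _, mac = (token or "").partition(".")
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256)
    return hmac.compare_digest(mac.encode(), expected.hexdigest().encode())


# Constructed route table for illustration (hypothetical paths and fields).
ROUTES = [
    {"path": "/search", "methods": ["GET"], "changes_state": False, "csrf_token": False},
    {"path": "/transfer", "methods": ["POST"], "changes_state": True, "csrf_token": False},
    {"path": "/profile", "methods": ["POST"], "changes_state": True, "csrf_token": True},
    {"path": "/api/item", "methods": ["PUT"], "accepts": "application/json",
     "changes_state": True, "csrf_token": False},
    {"path": "/logout", "methods": ["GET"], "changes_state": True, "csrf_token": False},
]
```

With this table, `form_reachable_unprotected(ROUTES)` reports `/transfer` and `/logout`; `/api/item` is not form-reachable, so its protection depends on the browser's CORS preflight and the server's CORS policy.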