Added information about CORS security issue

2019-12-20 17:58:53 +01:00 · 2019-12-20 17:58:53 +01:00 · 57e2919f25
parent 94acd106da
commit 57e2919f25
1 changed files with 3 additions and 0 deletions
--- a/dist/README.md
+++ b/dist/README.md
@ -12,7 +12,10 @@ In order to block those, one can simply block the hostname `trackercompany.com`,

 However, to circumvent this block, tracker companies made the websites using them load trackers from `somestring.website1.com`.
 The latter is a DNS redirection to `website1.trackercompany.com`, directly to an IP address belonging to the tracking company.
+
 Those are called first-party trackers.
+On top of aforementionned privacy issues, they also cause some security issue, as websites are usually configured to trust first-party scripts.
+For more information, learn about [Cross-Origin Resource Sharing](https://enable-cors.org/).

 In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under `trackercompany.com` or to their network.
 Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see `somestring.website1.com`.