Possible Duplicate:
What are the security risks of setting Access-Control-Allow-Origin?
I just want to check I'm not overlooking something here...
If I set access-control-origin: *
and do not allow session-based authentication, it's safe for me to serve up private data when it's requested with an access token, right? I can even allow POST requests. As long as a valid access token is given I can't think of any way to attack a system like this.
Is there a hole here?
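
The setup described in the question, written out as an added example (not code from the original post): a handler that answers any origin with a wildcard CORS policy, never consults cookies, and authorizes only on an explicit bearer token. It assumes the token travels in the `Authorization` header; `VALID_TOKENS`, `CORS_HEADERS`, `handle` and the token value are hypothetical names and constructed data.

```javascript
// Constructed sample token store (assumption: tokens are opaque bearer strings).
const VALID_TOKENS = new Set(["constructed-demo-token"]);

// Wildcard policy: any origin may read responses. Access-Control-Allow-Credentials
// is deliberately never sent; with "*" browsers refuse to expose responses to
// requests made in credentials mode (cookies, HTTP auth, client certificates).
// Authorization must be listed by name: it is not a CORS-safelisted request
// header, and a "*" in Access-Control-Allow-Headers does not cover it.
const CORS_HEADERS = Object.freeze({
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
  "Access-Control-Allow-Headers": "Authorization, Content-Type",
});

// req: { method, headers }. Returns { status, headers, body }.
function handle(req) {
  // HTTP header names are case-insensitive, so normalize before lookup.
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = v;

  // Preflight: sent by browsers because of the Authorization header.
  if (req.method === "OPTIONS") {
    return { status: 204, headers: { ...CORS_HEADERS }, body: "" };
  }

  // Ambient credentials are ignored: h["cookie"] is never read, so a
  // cross-site page cannot ride on a session the browser attaches by itself.
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(h["authorization"] || "");
  if (!m || !VALID_TOKENS.has(m[1])) {
    return {
      status: 401,
      headers: { ...CORS_HEADERS, "WWW-Authenticate": "Bearer" },
      body: "",
    };
  }

  // Private data goes only to callers that presented the token explicitly.
  return {
    status: 200,
    headers: { ...CORS_HEADERS, "Cache-Control": "no-store" },
    body: JSON.stringify({ private: "data" }),
  };
}
```
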