Thanks bro, i miss lot of cors related to this issue, everyone used xss method to exploit this. but now i hope i'll get this on target.