logoalt Hacker News

Lerctoday at 7:07 AM2 repliesview on HN

I don't think you can even say CORS does that.

The degree to which CORS is poorly understood (I have read numerous (often contradictory) documentation and I don't really understand it.) means that you can't rely on it being implemented properly by an unknown party,

If a protocol reaches this level of widespread confusion, I think all bets are off. Even if one end of a system performs correctly, who's to say that the other will. If people adapt their code until it works with another implementation, were they mistaken, or the other end?

Replies

xg15today at 10:39 AM

I think it still works, because the number of "client implementations" of CORS is very limited (*) - only the browsers have to implement that, and the browser devs seem to understand it well enough.

So there is only one end of the system that is confused - the servers - but at least the other end - the browsers - can mostly be trusted to implement it correctly.

(*) unless you're implementing an open proxy, but then you have bigger problems.

RobotToastertoday at 8:00 AM

It seems like nobody understands CORS.

Including me TBH.

show 1 reply