top | item 29778927

(no title)

fraktl | 4 years ago

No, it's not ugly. It's necessary. And we don't need any additional tooling around it or yet another thing that "fixes" what doesn't need to be fixed.

If you control domain.com and api.domain.com, then you can create a proxy that glues the two to the same domain, getting rid of any CORS annoyances forever. And you use the tech that exists. The whole problem takes less than 1 minute to type, test, deploy and there's no need for yet another big thing invented to solve a small problem that occurs due to ignorance of self-proclaimed "developers".

discuss

andyp-kw|4 years ago

Yes it is ugly. How many learners have been stumpped by CORS errors over the years?

But it's also necessary.

pineconewarrior|4 years ago

I think it has some ugliness to it, but the idea behind it is necessary. The restrictions it places on front-end scripts are currently very challenging to work around, particularly if you're trying to implement a strict CORS policy on an existing website.

It's difficult enough to implement that it probably won't be implemented on the majority of the web - and maybe that's okay.

rattlesnakedave|4 years ago

> And we don't need any additional tooling around it or yet another thing that "fixes" what doesn't need to be fixed

This is what CORS is though.