undefined | Better HN

0 pointskoolala5d ago0 comments

CORS sucks since Cross-Origin-Embedder-Policy: credentialless was never made standard across all browsers. It's a browser client restriction you can't turn off. If you want to do anything interesting with WWW content you have to run your own browser or run an out-of-box one off a proxy server that breaks everything.

0 comments

3 comments · 1 top-level

9dev5d ago· 2 in thread

> If you want to do anything interesting […] you have to run your own browser

This is usually a sign you don't really understand what you're doing.

koolalaOP5d ago

Its not? Remember the 90s? There was a beautiful time before CORS and DRM in the browser. Browsers used to be something that actually cared about allowing full client control.

9dev5d ago

But it isn't the 90s anymore. Billions of people are using the internet, doing everything from voting to shopping to managing their stock portfolio. There are valid reasons why we have security protocols.

And aside from that - it's not like CORS is preventing you from anything. The only requirement is to read up on it, understand it, and configure your web server accordingly. If you're unable to do that, or you'd rather create your own browser, then the only conclusion I can draw is that you're either unwilling or unable to take proper care of the security of your users.

1 more reply

j / k navigate · click thread line to collapse