Comments
-
To learn that no one should stick his magic dick in your gateway. Not without permission.
-
Voxera 11388 3y
To prevent malware from loading extra resources.
The problem with a simple setting is that social engineering can then easily lure the most susceptible users into disabling it, and then their bank account can be hacked.
Security is unfortunately never easy, and everyone who thinks so either gets burned themselves or causes others to get burned due to bad practices.
-
And of course it has a rationale. There are quite a few (local) applications that bind to localhost, but do not have any reasonable security at all. For this reason, there is currently a draft standard which further locks down localhost in web browsers.
And browsers have a command line flag for disabling SOP (but you really really really really really do not want to browse to any non-local website with it enabled).
There is no "simple setting" because a regular user does not know how dangerous it would be.
-
There are browser extensions to disable CORS, but only use them if you know what you're doing; it won't take long to get hacked if naive users disable CORS.
-
Disabling is like setting Access-Control-Allow-Origin to asterisk.
Makes no sense, only worse.
And enabling CORS is simple.
Preflight / Options
Other HTTP Methods
Use a map in nginx or the Lua cors module in haproxy.
-
@sbiewald DISREGARD the man pointing out my ignoran---I mean disregard the HERETIC!
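The two cases listed in the comment above (preflight/OPTIONS and other HTTP methods), as an added example that is not from the thread: an exact-match origin allowlist, the same idea as an nginx `map` on `$http_origin`, instead of answering `*`. The policy values and the `corsDecision` name are hypothetical.

```javascript
// Added example: allowlist-based CORS decision. All names and values are constructed.
const POLICY = {
  origins: new Set(["https://app.example.com", "http://localhost:3000"]),
  methods: ["GET", "POST", "PUT"],
  headers: ["content-type", "authorization"],
  maxAge: 600, // seconds a browser may cache the preflight result
};

// reqHeaders: request headers with lowercase keys (as Node's http module gives them).
// Returns the CORS headers to add; status is set only when the request is a preflight.
function corsDecision(method, reqHeaders, policy = POLICY) {
  // Vary: Origin keeps shared caches from replaying one origin's answer to another.
  const base = { Vary: "Origin" };
  const origin = reqHeaders["origin"];

  // Exact string match only: no substring or suffix tests, and the literal
  // "null" origin (sandboxed frames, file://) is never in the allowlist.
  if (!origin || !policy.origins.has(origin)) {
    return { preflight: false, status: null, headers: base };
  }
  const headers = { ...base, "Access-Control-Allow-Origin": origin };

  const wantMethod = reqHeaders["access-control-request-method"];
  if (method !== "OPTIONS" || !wantMethod) {
    // "Other HTTP methods": the actual request only needs the echoed origin.
    return { preflight: false, status: null, headers };
  }

  // Preflight: check the announced method and headers before approving.
  const wantHeaders = (reqHeaders["access-control-request-headers"] || "")
    .split(",")
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  const ok =
    policy.methods.includes(wantMethod) &&
    wantHeaders.every((h) => policy.headers.includes(h));
  if (!ok) return { preflight: true, status: 403, headers: base };

  headers["Access-Control-Allow-Methods"] = policy.methods.join(", ");
  headers["Access-Control-Allow-Headers"] = policy.headers.join(", ");
  headers["Access-Control-Max-Age"] = String(policy.maxAge);
  return { preflight: true, status: 204, headers };
}
```
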
Related Rants
Y is cors such a big issue 🤨 can't browsers just add a simple setting to enable or disable cors? At least for localhost, what's the rationale to have cors enabled
random
frontend
cors
frontend dev
chrome