54

Manager: I’m getting a strange error now….it says CORS? Any idea what that means?

Dev: Ezpz, just a matter of how many goats to sacrifice and incantations to recite

Manager: Are you serio—

Dev: Bring me my debugging pentagram

Comments
  • 6
    CORS? wtf why everywhere. Fuck CORS
  • 11
    @Eklavya Web security dude.
  • 3
    @Cyanide Yeah it is but eventually, a line of code can fix it. *headache*
  • 5
    @Cyanide That’s only for people who build things worth hacking
  • 14
    I have to say CORS is one of the more simplest ideas in internet security. It seems to be so simple, that people outright refuse to see how simple it is and keep thinking it's actually complicated.

    literally it just tells the browser if it can make request on behalf of the user to a cross-origin

    so if your user is on shadybank.com trying to communicate to api.realbank.com, the request will be blocked, because the API will tell the browser "hold up, the user is on some fucking retarded site, he can't talk to use from there, something is wrong"

    and it all revolves around the accept-origin and accept-headers headers. Essentially you just set your server up so it only allows users to talk to it through known origins and using known headers.

    It's something you should always have configured properly for both prod and dev environment, so you don't forget to turn it on once you're done developing
  • 8
    @Hazarth Basically, "no, you can't shit into my living room from your toilet."
  • 0
    Tbh, I wish there was an easier way to disable that for development.

    My backend literally has a "allow all cors" flag, so the fontend on a separate debug port can use it.

    Imo, it should see different ports on localhost as same-orign. But then there are apps that use a webpanel on localhost. So I guess not.
Add Comment