Hacker News new | past | comments | ask | show | jobs | submit login

CORS is a technical subsidy granted to (sloppy) users of cookie authentication. I’ve never worked on a project where it was anything other than an annoying hoop to jump through.

When has "subsidy" become the go-to narrative to argue against any sort of deference to real-world usage?

You could just as easily frame CORS as "antibiotics for the people who dared to leave their house".

(There's also a no-true-scotsman fallacy going on in your argument)

More like "mandatory medical testing at the airport because some people don't vaccinate" from my perspective.

It's a "subsidy" because we all have to spend time on it, even though lots of people don't receive any benefit from it. It's not intolerable, the Web is based on community standards and responds to community needs, and I'm fine with that. But I'm always on the losing end of this one so I'm going to say so.

I'd also argue it encourages worst practices

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact