Hacker News new | past | comments | ask | show | jobs | submit login

Well, yes, in fact, I was complaining about the Same-Origin Policy, and CORS is just the consequence of the way the SOP works. Nevertheless, this doesn't really change the situation.

If the browsers separated the session by origin (as blauditore wrote), the whole problem space would look very different.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact