Hacker News new | past | comments | ask | show | jobs | submit login

It can be inside of insecure browsers, you're not any more secure than you were before after CORS.



Users with insecure browsers are subjecting themselves to security vulnerabilities, not me. In this case, the service just wouldn’t work for them. Not overly worried about those users because they represent a diminishingly small portion of our user base.


The problem is that you can be unaware. It's also not tracked as a metric. Nobody knows how large or small it is.

Also, it's easily bypassed.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: