Hacker News new | past | comments | ask | show | jobs | submit login

You're 100% correct, and while someone has pointed out the proper headers that need to be set on the bug report here: https://bugs.chromium.org/p/chromium/issues/detail?id=67743, it's been drowned out by people who don't seem to understand the issue:

http://williambert.online/2013/06/allow-cors-with-localhost-...

CORS is hard, I've struggled on it several times, and I'm not surprised an engineer gave up trying to fix it because of deadlines.




Can confirm, CORS (Origin: ramdomsite.tld to localhost) works just fine in Chrome.

If you have a CORS enable server on localhost you can make requests to it from http://www.test-cors.org




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: