Hacker News new | past | comments | ask | show | jobs | submit login

Rarely does a application actually need to enable CORS. If all of your webcalls are from the same domain YOU DONT NEED CORS. (Chatbots/socket.io)

You only need CORS if you need the browser to act as a middleman to pass information back. IE: Credit Card Payment IFRAME

If you screw up CORS implementation it just means that anyone can read any information set by your website.

https://www.moesif.com/blog/technical/cors/Authoritative-Gui...






Not so rarely. It's pretty common to serve the js frontend code on one domain the apis on a different domain



Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: