Hacker News new | past | comments | ask | show | jobs | submit login

Browsers are ubiquitous, and they run third party code. That would be a deadly combination for anyone hoping to launch a DDOS attack if CORS protections didn't exist.

The same could be said about operating systems. In fact when just replacing "Browsers" with "Operating systems" your sentence would still hold true.

Not really. Third party code that you haven't installed does not run in an operating system at the click of a button. It does in the browser.

By the logic you're outlining there's no reason to sandbox a browser at all, since it's no different to an operating system. Experience suggests that would not be wise.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact