Hacker News new | past | comments | ask | show | jobs | submit login

I think the issue with understanding CORS is that you first need to understand same-origin policy and exactly when it applies. CORS is simply a method for bypassing same-origin policy. You also need to understand how a CSRF attack works.

Once you grasp both of these things, then you have the base for how and why CORS exists. Until then it's mostly an annoyance.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact