Hacker News

mrweasel today at 7:36 AM

We had a project where the same developer wrote the frontend and backend and still managed to get CORS wrong. As the operations people we rewrote them correctly in the load balancer... well I assume correctly, at least the application now works.

CORS is really hard to wrap your head around, but sadly there's also a ton of developers that not only fail to understand the threat model that CORS guards against, they also don't understand web development in general, especially the HTTP protocol. I find that somewhat strange, because they also can't do native applications.


Replies

confidantlake today at 11:46 AM

> they also don't understand web development in general, especially the HTTP protocol. I find that somewhat strange, because they also can't do native applications

Why would that be strange? Someone who is bad at thing A is likely also bad at closely related thing B.

stephbook today at 7:52 AM

> I assume correctly, at least the application now works.

That's like saying the lock works because people can enter the building. What about keeping the bad guys out, which is the whole point?
