Hacker News: mparnisari's comments

I'm one of them. CORS is THE topic that I have to get a refresher for periodically. It's like I forget about it; it never sticks. I'm a backend developer so I never encounter any CORS issues. Maybe that's why? I seem to forget things that I don't use on a day to day basis, so.

The DX for CORS and CSP is horrible because none of the browsers point out where the problem is coming from. In a sane world they would all write "response header" or "meta tag" somewhere in the message, but the Riddler, Jigsaw, and the Cheshire Cat were each hired by the major browser vendors to write the error messages. Chrome is the closest with "requested resource" but that's still downright cryptic. But on the other hand I'm glad all three of them still agree on something.

Edit: I realize that this is a fairly non-constructive comment, so to fix that, my suggested replacements are:

    Resource https://bank.com doesn't allow cross-origin requests due to lack of CORS headers. (Link to preflight request in Network tab) CORS protects against unaffiliated sites requesting data from your server. (Link to MDN)

    Resource https://bank.com doesn't allow cross-origin requests because this origin isn't in its CORS allowlist. (Link to preflight request in Network tab) ...

    Resource https://... can't be fetched due to CSP headers in this page. (Link to page request headers or meta tags in inspector) CSP prevents unauthorized scripts from executing on your page. (Link to MDN)

The biggest problem with CORS is precisely that most CORS errors show up as a frontend problem - specifically, a browser problem - but it needs to be fixed on the backend.

I feel the same. Unfortunately, I've had to deal with CORS in a few situations where the request is "we need to get this thing from this server, but we can't change the server's CORS or CSP", which, in technical security speak, is "we have this security system in place, we need to circumvent it".

Ultimately, it almost always depends on the server only being accessed via an untampered browser request.

The Zoom exploit was able to happen because CORS and CSP are so easy to get around on the client side, so Zoom did it. Sure, Zoom were bad/lazy/silly for doing it, but I feel we're bad as a community for still having this model.
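The thread above makes the point that a CORS error is reported in the browser but can only be fixed on the server that sets the response headers. The following is an added example, not code from any commenter on this page, showing what that backend fix looks like: an origin allowlist applied to both simple responses and OPTIONS preflights, placed beside the anti-pattern of reflecting whatever Origin the request carried. The allowlisted origins, allowed methods and allowed headers are constructed values for the example; a real deployment substitutes its own.

```python
"""Backend-side CORS decision logic (added example, not from the page).

The browser's Origin header is the only input; the server decides whether to
emit Access-Control-* headers. Origins, methods and headers below are
constructed sample values for the example.
"""
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: the first-party pages that may call this API.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_METHODS = {"GET", "POST", "DELETE"}
ALLOWED_HEADERS = {"content-type", "authorization"}  # compared case-insensitively


def normalize_origin(origin: str) -> Optional[str]:
    """Canonicalize an Origin value the way browsers serialize it:
    lower-case scheme and host, default port omitted. Returns None for
    anything that is not an http(s) origin (including the literal "null")."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None
    default = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if port is None or port == default:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def cors_headers_weak(origin: str) -> Dict[str, str]:
    """Anti-pattern: reflect any Origin with credentials enabled. The
    allowlist never runs, so every site on the web may read responses."""
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers(origin: Optional[str], allowlist=ALLOWED_ORIGINS) -> Dict[str, str]:
    """Headers for a non-preflight response. An empty dict means the origin is
    not allowlisted: the browser then withholds the response from the page
    and shows the cryptic console error discussed in the thread."""
    norm = normalize_origin(origin) if origin else None
    if norm is None or norm not in allowlist:
        return {}
    return {
        # Exact allowlisted value, never "*" when credentials are allowed.
        "Access-Control-Allow-Origin": norm,
        "Access-Control-Allow-Credentials": "true",
        # Response differs per Origin, so shared caches must key on it.
        "Vary": "Origin",
    }


def preflight_response(origin: Optional[str], requested_method: Optional[str],
                       requested_headers: Optional[str],
                       allowlist=ALLOWED_ORIGINS) -> Tuple[int, Dict[str, str]]:
    """Handle an OPTIONS preflight: (status, headers). The browser only
    proceeds with the real request when the method and every requested
    header are explicitly permitted for an allowlisted origin."""
    base = cors_headers(origin, allowlist)
    if not base:
        return 403, {}
    if (requested_method or "").upper() not in ALLOWED_METHODS:
        return 403, {}
    wanted = [h.strip().lower() for h in (requested_headers or "").split(",") if h.strip()]
    if any(h not in ALLOWED_HEADERS for h in wanted):
        return 403, {}
    headers = dict(base)
    headers.update({
        "Access-Control-Allow-Methods": ", ".join(sorted(ALLOWED_METHODS)),
        "Access-Control-Allow-Headers": ", ".join(sorted(ALLOWED_HEADERS)),
        "Access-Control-Max-Age": "600",
    })
    return 204, headers


if __name__ == "__main__":
    print(cors_headers("https://app.example.com"))      # allowlisted: headers emitted
    print(cors_headers("https://bank.com"))             # not allowlisted: {} -> browser error
    print(preflight_response("https://app.example.com", "DELETE", "Content-Type"))
```

Note that the check is an exact match on the normalized origin, so a lookalike such as `https://app.example.com.evil.test` is rejected; a prefix or substring comparison would accept it, which is one of the ways a CORS allowlist quietly degrades into the reflecting anti-pattern.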


I have a kobo and I use Instapaper. Is this similar?


What was your main takeaway from that book?


If they could read, this would upset managers at Amazon.


My uni course on optimization was so much fun but I forgot all of it. This was a nice reminder that I should probably revisit the basics :)


Vancouver Public Library as well :) https://www.vpl.ca/digital-library/oreilly-technology-and-bu...

Though I wish I could check them out on my Kobo...


I love this website. I wish I could search it in Spanish. I grew up watching the Simpsons in Spanish and I sometimes struggle to find the right clip because I don't know the exact translation.


I hang up a flag on my balcony and it has worked for me.


Why?


I worked for AWS for two years and if I recall correctly, one of the issues was circular dependencies.

