upvote

points

by kittywantsbacon12 hours ago |
comments
upvoteby JimDabell3 hours ago|
next
[-]
I think perhaps it’s generational.

If you were a web developer before CORS existed, then you understand that cross-domain requests were forbidden all along and CORS was created to bypass this security. Therefore to do the thing you want to do, you need to enable CORS. No problem, that’s pretty easy.

If you only picked up web development after CORS existed, then you try to make a cross-origin request; the browser understands that it isn’t allowed; the browser tries to do a CORS preflight request; the preflight request fails; and the browser reports a CORS error in the console.

So if you don’t understand what’s going on, don’t RTFM, and just guess, you’re going to guess that CORS is the thing that is blocking the request and that you need to disable CORS. And that leads you directly into a confusing mess because you are trying to do the exact opposite of what you need to do. CORS is the solution to your problem, not the cause of it.

It doesn’t help matters that a whole bunch of people with the same misunderstanding will confidently repeat that misunderstanding in tutorials and online discussions.

reply
upvoteby brazukadev3 hours ago|
parent|
[-]
> So if you don’t understand what’s going on, don’t RTFM, and just guess, you’re going to guess that CORS is the thing that is blocking the request and that you need to disable CORS. And that leads you directly into a confusing mess because you are trying to do the exact opposite of what you need to do. CORS is the solution to your problem, not the cause of it.

Great explanation. The name is quite obvious actually, Cross-Origin Resource Sharing. People should understand if they read it.

reply
upvoteby ghoshbishakh12 hours ago|
prev|
next
[-]
100% - although it is stunning to see since most LLMs get CORS questions right (which is surprising since they trained on all sorts of incorrect data).
reply
upvoteby Finbel11 hours ago|
parent|
next
[-]
Maybe it’s like that trick where if a thousand people guess the amount of beans in a jar almost all of them will be wrong but their average will be very close to, if not, correct.
reply
upvoteby mattkenefick5 hours ago|
parent|
next
[-]
they probably weight documentation higher
reply
upvoteby xnx3 hours ago|
parent|
[-]
They're applying trust factors similar to PageRank.
reply
upvoteby TeMPOraL7 hours ago|
parent|
prev|
[-]
Possibly, but at a semantic level.
reply
upvoteby tgv9 hours ago|
parent|
prev|
next
[-]
I think many (most?) have preferred sources. I would weight Wikipedia and MDN higher than Snurk Grubble's blog in training, no matter what the topic.
reply
upvoteby marcosdumay5 hours ago|
parent|
[-]
Also, you can count on most developers to reach the documentation only as a last resort, and try every random blog first.
reply
upvoteby mhh__3 hours ago|
parent|
prev|
next
[-]
They look for latent structure in the data.
reply
upvoteby PunchyHamster4 hours ago|
parent|
prev|
[-]
It's probably trained more on fixes on incorrect CORS than the problems
reply
upvoteby paulddraper3 hours ago|
prev|
next
[-]
Depressing.

While CORS is not intuitive, it is understandable by RTFM.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/COR...

reply
upvoteby gib44410 hours ago|
prev|
[-]
Guidelines say to edit out swipes, so your comment can be edited to just:

""

reply