No, it's exactly the other way around. The SOP protects you from these security issues. CORS is a feature that can be used to loosen up the SOP, to allow more complex inter-application behaviour.
replyah right, my own brain got jumbled from reading all the comments forgetting that cors: '*' is not the default.
replyAnd now he's part of the confusing comment section lol
replyI fixed it, it stays relatively the same vs original explanation, just had inverted defaults I have no idea why I thought '*' was the default. Definitely impacted by the confusing comment section haha.
replyI love this, easy intuitive explanation
reply