upvote

points

by 9dev9 hours ago |
comments
upvoteby koolala8 hours ago|
[-]
Who said anything about authentication? The only freedom I want is being able to wget content no differently than from a terminal. You need a modded custom browser to do that.
reply
upvoteby 9dev6 hours ago|
parent|
[-]
> Who said anything about authentication?

That's the thing. If you're logged in to good.com (with a session cookie), then go to evil.com and it has an AJAX call to good.com, it'll carry your cookie. Thus - authentication. Suddenly evil.com can remote control good.com. (at least it used to be this way at the time we got CORS; the situation has changed a bit with newer web platform features like SameSite cookie params.)

> The only freedom I want is being able to wget content no differently than from a terminal.

I see your point, I really do. But the Venn diagram overlap of "sites that need to download arbitrary websites", "sites that need to only fetch content client-side in the browser, not via their backend", and "sites that do this for non-nefarious purposes" is infinitesimally small. I'm pretty sure your use case is missing at least one of these three criteria.

reply
upvoteby koolala4 hours ago|
parent|
[-]
You don't have to send cookies. Thats the entire point of credentialless. The option to be able not to do this is trivial yet everyone is so fixed on it being mandatory when its the entire problem. Forcing cookies on people is not a good thing.
reply