Allowing the fetching of any URL from the frontend, regardless of CORS headers, would:
- Reduce the server costs/load for a lot of web apps
- Improve user experience due to a faster response time for external URLs that currently need to be fetched through a proxy/backend

Show thread

Honest web dev question:

Why is CORS necessary? If the cookies, etags, cache, etc. were completely separated from those used for first-party requests to the site, what would be the security issue with allowing fetch() for any URL?

Show older
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.