
Yes. That is true what you’ve said. Sometimes, with waves of web pages, coupled with the analytical thoughts of weakness in each leg of a protocol, I should have explicitly noted them. In this case, I was in a hurry to put it down. Better to document what I’ve noticed and find justification later. My bad.


So, I’ve added more on CORS in earlier thread under this GP.


Your rationale leaves something to be desired. I don't know if it's really valid to consider something a dangerous tech just because it can be misused. Your computer can be very dangerous if misused - such as if you drop it out of a window on someone's head - that doesn't mean you shouldn't use a computer :)


As one who has developed IDS/IPS for 23 years, it isn’t a “dangerous” issue, per se. It’s a “muddle” issue that runs contravenous to that “be liberal in what you receive, and conservative in what you send.” Like “exec” is for JavaScript.



