I just want to fetch publicly available information from my client-side app, but CORS gets in the way and forces me to use a sketchy CORS proxy. Makes me really hate CORS
I agree with this, but in my past online discussions about fetching publicly available information, two main arguments often arise:
1. The resource owner doesn’t want you fetching their resource.
2. They don’t want to suddenly be flooded with requests.
Each of these points has counterarguments. For example, the Same Origin Policy (SOP) only restricts fetches from the client side, and nothing stops people from fetching via a backend.
The second argument makes sense, the resource owner doesn’t want their resource to be freely fetched and to suddenly receive thousands of requests that their server likely can’t handle. SOP helps prevent this, but if you’re fetching from the backend, you should implement caching to avoid repeatedly hitting the target resource.
I created a CORS proxy [0] to handle this scenario, including caching responses.
There are also several free CORS proxies [1] available, they might be considered sketchy, but they’re probably fine for testing.
it is true. But again, writes are allowed, reads are not, you won't be able to see the reply. Which author of the question eventually realised https://stackoverflow.com/a/44122076/1685746
I just want to fetch publicly available information from my client-side app, but CORS gets in the way and forces me to use a sketchy CORS proxy. Makes me really hate CORS