I think you’re making those restrictions out to be bigger than they are. Does no... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		afavour 4 months ago \| parent \| context \| favorite \| on: A proposal to restrict sites from accessing a user... I think you’re making those restrictions out to be bigger than they are. Does no-cors allow a nefarious company to send a POST request to a local server, running in an app, containing whatever arbitrary data they’d like? Yes, it does. When you control the server side the inability to set custom headers etc doesn’t really matter.

jonchurch_ 4 months ago [–]

My intent isnt to convince people this is a safe mode, but to share knowledge in the hope someone learns something new today.

I didnt mean it to come across that way. The spec does what the spec does, we should all be aware of it so we can make informed decisions.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact