As I mentioned above, this doesn't work for all CDNs and also involves trusting your CDN to MitM your API.



This kind of comment falls under what I posted originally - people making up reasons why they can't go with a proxy solution.


I don't think that security requirements are a "made up" restriction.

It's like saying that a house built without a lock is a made up issue and that no lock or door is needed.


They're not, but you're blatantly refusing to read what's being written.

A public CDN should never be trusted. If you use a CDN in the first place and have strict security requirements, then you create your own private CDN. And if you can control that private CDN, you have all the ingredients to avoid CORS.

It's really that simple. No one is saying you are wrong, but you're refusing to look at the entire picture and you focus only on a subset, in which - of course - your argument works.


So your point is that there is no reason to not serve everything behind the same origin, it only requires setting up a full-fledged CDN to do so.

I'm sorry but that's simply not an acceptable constraint.


I'm sorry that we ended up discussing this because all you did was invent situations and argue with people who didn't even state any of what you managed to read.

No one is telling you not to deal with CORS your way. Fact of the matter is that you can avoid it, but you're making up reasons why you can't. The only reason you can't is because you won't. You're free to use whatever approach you like, there's no police here, just don't state that I or anyone else wrote what we didn't. It'd be the grown-up thing to do. Thanks and best of success with your projects.



