CORS is enforced by the client, the web browser. +----------------------+ +-----... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

kenny_r 11 months ago | parent | context | favorite | on: Building an "Easy" Web Application

CORS is enforced by the client, the web browser.

  +----------------------+                               +-----------------------+
  |     User Browser     |                               |     WordPress Site    |
  | (viewing from        |          CORS Error           |     (blog.com)        |
  |  example.com)        |     Browser enforces CORS     |                       |
  |    +------------+    |        Direct request         |    +------------+     |
  |    | Frontend   |<-----------------------------------X    | xmlrpc.php |     |
  |    | App        |    |     example.com → blog.com    |    |            |     |
  |    +------------+    |                               |    +------------+     |
  +----------------------+                               +-----------------------+
       Browser security blocks cross-origin
       requests (CORS is browser-only!)

The bottle app presumably uses some python library like Requests. It wouldn't care about CORS.

  +----------------------+     +------------------------+     +-----------------------+
  |     User Browser     |     |    App Server          |     |     WordPress Site    |
  | (viewing from        |     |    (example.com)       |     |     (blog.com)        |
  |  example.com)        |     |                        |     |                       |
  |    +------------+    |     |    +------------+      |     |    +------------+     |
  |    | Frontend   |<-------->|    | Backend    |<---------->|    | xmlrpc.php |     |
  |    | App        |    |     |    | (Bottle)   |      |     |    |            |     |
  |    +------------+    |     |    +------------+      |     |    +------------+     |
  +----------------------+     +------------------------+     +-----------------------+
           Same origin         Uses requests library           Different origin
       Browser allows this       No CORS checks here!         (Server doesn't care
                               (Not a browser!)                  about origin)

theincredulousk 11 months ago [–]

makes sense, thank you. How'd you generate the diagrams so quickly?

kenny_r 11 months ago | [–]

My pleasure. Claude 3.5 Sonnet made the diagrams after 3 rounds of prompting.

LLM's are surprisingly good at making diagrams in monospaced ascii or MermaidJS.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact