A client drove 3 hours, for a urgent meeting with me that was solved by me adding CORS-headers

At least it's the client that travelled that far. It would have felt like a humongous waste of time and money if you were the one travelling.

But why?

That's what you get for disabling CORS on meetings

Yep, security headers are important.

Too bad, almost no fucking site out there can even dare to think about sending headers forbidding embedded styles and scripts - which would basically kill the most common web security bug class (XSS due to not escaping all user-provided data on every output)...

Was that the only OPTION?

^^ I’ll see myself out. #BadPuns

Did this incident turn the client into an enthusiastic advocate for virtual screen sharing technology?

Classic manager move, GOTTA HAVE A MEETING.

I can imagine the conversation, him using a lot of words, talking a lot but saying too little.

And then you are like “oh that’s just CORS, done”.

😂😂😂 i hope he didn’t kill anyone on the way

@jesustricks

Yes! That was exactly how it went!!

how to disable it on nginx? please somebody tell!! I am spending hours not able to fucking disable it

@Angry-dev

Lol