A client drove 3 hours, for a urgent meeting with me that was solved by me adding CORS-headers

  • 12
    At least it's the client that travelled that far. It would have felt like a humongous waste of time and money if you were the one travelling.
  • 0
    But why?
  • 2
    That's what you get for disabling CORS on meetings
  • 0
    Yep, security headers are important.

    Too bad, almost no fucking site out there can even dare to think about sending headers forbidding embedded styles and scripts - which would basically kill the most common web security bug class (XSS due to not escaping all user-provided data on every output)...
  • 13
    Was that the only OPTION?
  • 1
    ^^ I’ll see myself out. #BadPuns
  • 7
    Did this incident turn the client into an enthusiastic advocate for virtual screen sharing technology?
  • 3
    Classic manager move, GOTTA HAVE A MEETING.

    I can imagine the conversation, him using a lot of words, talking a lot but saying too little.

    And then you are like “oh that’s just CORS, done”.
  • 0
    😂😂😂 i hope he didn’t kill anyone on the way
  • 1

    Yes! That was exactly how it went!!
  • 0
    how to disable it on nginx? please somebody tell!! I am spending hours not able to fucking disable it
  • 1
Add Comment