What the fuck is CORS, I can type the URL into my browser and download the file, but running a HTTP request from within a page is denied? Wtf kind of dumb no logic behaviour is this

Http request is cross origin.
Using browser URL is same origin.

🤷‍♂️

@C0D4 how does the browser make the HTTP request then? What does it set the origin header as when GET'ing the url? How does it circumvent it wtfff

You making a request is way different than a page making a request.

It's for your security, it's all client side, browser can fetch anything without caring about CORS, it's the browser who doesn't allow other websites to make request with your cookies, when you type something in address bar, there is no security risk in fetching.

@theabbie true true

So technically you could make a middleman API that fetches resources for you circumventing CORS? if you and the middleman have accepting CORS, then the middleman just fetches the resource normally, and serves it to you?

@lopu yeah, you could do that, but if you control the server where you're fetching from, better option would be to allow CORS request, you only need to set 2 headers, if you don't control it, middleman thing can work.

Ugh, really?

@Root My thoughts exactly. I've now lost track of the number of times I've explained on here why it's necessary, why it's not security that's defeated by making the same request on the backend, and why it's generally not usually required anyway.

There are many free food
cors proxy services, though most are slow or unreliable

@theXpanther
Also I ran into an issue where Instagram detected the use of a proxy and shut down the request..