“sEniOr tEcHniCiaN”: “I don’t know what Blazor is. I write my projects in ASP.NET. You should just use ASP.NET”

Me: …”Blazor *is* ASP. This project is running on ASP.NET 6.”

“seNioR tEchNiCiaN”: “As previously stated, I don’t use Blazor. I don’t care what version it is.”

Yes, this is a real exchange from my ongoing problems with this idiot.
His attitude is what ticks me off the most.
He doesn’t know what CORS is.
He doesn’t understand that “ASP.NET” covers Blazor, Razor Pages, the old MVC stuff, web APIs, and more.
He doesn’t understand the difference between a web request being initiated from the browser via Fetch and a web request being initiated from the server. (“My ASP site is shown in the browser, so requests to the third party API aren’t originating from the server.”)

And yet has the arrogance to repeatedly talk down to me while I try to explain basic concepts to him in the least condescending way possible.

After going around and around in circles with him, he finally admitted to me that “he doesn’t actually know what the CORS configuration looks like or how to modify it, to be honest.”

I just wanna go home.

I HATE CORS I HATE CORS

In the Ruhr area (Germany) we have some very old, very strange words with strange meanings. One of those words is ‚Prutscher‘.
A Prutscher refers to a person who does things but never gets a good result, due to lack of knowledge or simple carelessness. Most of the time, Prutschers are people who are interested in certain subjects and often work in the related jobs, but who lack the motivation to properly train themselves, learn what there is to learn and to always keep up with their technologies .
Here are a few examples I've stumbled upon so far in my career:

- Developers in their 60's who read a book about PHP 25 years ago and decided to become a software developer. Since then haven't read anything about it. Who then now build huge spaghetti monoliths for large companies, in which they prefix every function, every variable and constant with their initials and, of course, use Hungarian notation.

- People who read half a fucking tutorial about <insert any fancy js framework here> and start blogging/tweeting about it

- Senior web developers who need to be told what the fuck CORS is and who can't even recognize CORS related errors in their browser console.

- People who have done nothing else for 18 years than building websites for companies on Wordpress 1.x and writing few lines of PHP and Javascript from time to time. Those who are now applying as a frontend dev due to the difficult economic situation and are surprised that they are not accepted due to a lack of experience.

- Developers who are the only ones working on Windows in the team and ask their Linux colleagues for help when Windows starts bitchin.

- People who have been coding for 30 years, have worked with ~42 languages ​​and don't know the difference between compiled and interpreted languages ​​in the job interview.

- Chief developers at a large newsletter-publisher who think it's a good idea to build your own CMS (due to a lack of good existing ones, of course).

- Developers who have been writing PHP applications for multinational corporations for 25 years and cannot explain how PHP is executed. They don't even know what the fucking OPcache is, let alone fpm. FML

- People who call themselves professional developers but never ever heard of DRY, KISS, boy-scout rule, 12-Factor App, SOLID, Clean Code, Design Patterns, ...

- Senior developers wondering why the bash script won't run on their fucking Windows machine.

- Developers who consider Typescript to be a hindrance and see no value in it.

- Developers using ftp for deployments in 2022

- Senior Javascript Developer applying for a job and for whom Integer is a primitive data type in JS.

- Developers who prefer to code without frameworks and libraries because they are only an unnecessary burden/overhead and you can quickly code everything up yourself.

- Developers who think configuring their server(s) manually is a good idea.

You fucking Prutscher. What you have already cost me in terms of work and nerves. I can't even put it into words how deeply I despise you. I have more respect for the chewing gum that has been stuck in my damn trash can for the past 3 years than I do for you guys. You are the disgrace of our profession. I will haunt you in your dreams and prefix every fucking synapse of your brain with MY initials.

As a well-known german band once sang in a very fitting song: I wouldn't even piss on you if you were on fire.

If you recognized yourself in one of the examples here: FUCK YOU!

So, yet another "senior" web developer employed by my contractor who utterly fails to understand CORS.

I mean, easy enough to config their servers to provide the headers. A good and quick buck.

But I swear the level of idiocy I find in so called "seniors" infuriates me. I swear, he didn't even figure out that

A) you can't make the browser omit the Origin header.
(But it works on curl 😭😭😭)

B) it's the *server* who must include access-control-allow-origin in the response, not you in the request. Like, what use would that be? I don't even...

😞

I guess if I ever need to hire web devs again my only question during the interview will be "explain CORS to me".

Cors...

Started new job at startup and finished all the development environment setup started development it was going smooth for one week.all the created API were working fine on the next day morning without any changes API's were giving cors error.asked my senior what must be the problem he said bypass cors and figure out the problem after trying for 1hrs i couldn't figure out what was the problem but API's were back to normal without any changes. then after sometime same day in zoom call i asked what was the problem he said show me the error but I couldn't reproduced the same cors error he then lectured me for 1 hrs and after that he said that learn to solve by your own dont come with silly mistake like this to me.
I don't know what was the problem he even refused me show to what the problem was.

CORS is shit
Stupid useless shit that protects from nothing. It is harmful mechanism that does nothing but randomly blocks browser from accessing resources - nothing more.

Main idea of CORS is that if server does not send proper header to OPTIONS request, browser will block other requests to that server.

What does stupid cocksuckers that invented CORS, think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If client has malicious intents - he will never use your shit browser to make requests, he will use curl or any ther tool available. Also if server security bases on something as unreliable as http headers it sends to the client - its a shit server, and CORS will not save it.

Can anyone give REAL examples when CORS can really protect from anything?

OK I need some help. I need to make sure I’m not losing my mind.

We are using an ERP which is hosted by another company. We are supposed to be able to access the data via a REST API. This works fine using Insomnia or Postman, but when I attempt to hit the API from my web application, CORS blocks the localhost origin.

I contacted the company’s technical team to request that they change the CORS configuration to allow localhost. They keep running me around in circles telling me that I don’t know what I’m talking about because localhost isn’t a DNS resolvable name and I’m doing something wrong and they don’t need to change any configuration.

They insist that if anything would need white listed, it would be my IP, not localhost.

I sent them screenshots and stack overflow posts and documentation links, showing them exactly what headers need to be set and where the configuration needs to be set in the ERP. They tell me I don’t know what I’m talking about.

They tell me that if I can hit the API from Postman, I can hit it from my browser.

Am I losing my mind? Have I fundamentally misunderstood CORS all these years? I’m sure I’m right. But I’m starting to feel like I’m crazy.

Explain to me why CORS isn't the dumbest thing I've ever heard of?

I can make requests from outside the browser but not from within? Hah?

hey, so i have recently started learning about node js and express based backend development.

can you suggest some good github repositories that showcase real life backend systems which i can use as inspiration to learn about the tech?

like for eg, i want to create a general case solution for authentication and profile management : a piece of db+api end points + models to :

- authenticate user : login/signup , session expire, o auth 2 based login/signup, multi account login, role based access, forgot password , reset password, otp login , etc

- authorise user : jwt token authentication, ip whitelisting, ssl pinning , cors, certificate based authentication , etc (

- manage user : update user profile, delete user, map services , subscriptions and transactions to user , dynamic meta properties ( which can be added/removed for a single user and not exactly part of main user profile) , etc

followed by deployment and the assoc concepts involved : deployment, clusters, load balancers, sharding ,... etc

----

these are all the buzzwords that i have heard that goes into consideration when designing a secure authentication system for a particular large scale website like linkedin or youtube. am not even sure how many of these concepts would require actual codelines and how many would require something else.

so wanted inspiration from open source content to learn about it in depth, replicate and create new better stuff if possible .

apart from that, other backend architectures like video/images storage system, or just some server for movie, social media, blog website etc would also help.

Is there any point in using cors without declaring the origin header?