[5e92cb50239222b]

Usually the same ones who then download plugins like

https://addons.mozilla.org/en-US/firefox/addon/access-contro...

because properly configuring the backend is ¨too complicated¨.

Been there, done that.

[hsbauauvhabzb]

You can use the origin announce headers from Firefox to block cors also, unsure if that works with chrome.

But I was referring to legacy code (or those whose SPA is stored on the same domain as API endpoints).