[fraktl]

This.

But hey, with so many impostors around - they're not capable of fathoming how golden this advice is.

Sad truth is, since "developers" don't use this, they genuinely don't understand browsers and HTTP and that's what 's dangerous.

[blacktriangle]

This is just not an option for so many very legitimate use cases. Building client-side apps that aggregate and display information from multiple web services hosting on domains totally outside of my control is valuable.

[nhumrich]

Yes, but in those cases, you aren't the one worrying about cors. The services you use are.