[DarthNebo]

Would running client-side youtube-dl in WASM fix the issue since Kapwing wouldn't be invoking youtube-dl from their backend.

YouTube is in such weird spot because they want to maintain free access to content yet limit how people access it without a pay-wall which OTT players like Netflix etc have been doing since long.

[neoberg]

No because youtube-dl requires a connection that is not limited by CORS.

[zo1]

Tinfoil hat mode: CORS enforced in the browser and other such related "privacy" tech were pushed by Google and big tech to prevent stuff like this. Turning the browser into a consumption platform with an encrypted pipe between your screen and the server. As opposed to the browser being an agent acting on the user's behalf.

[kevincox]

I think your Tinfoil hat is misplaced. CORS was a hack added to fix the "bug" that cookies are sent cross-origin by default. Without CORS (and modern per-origin cookie jar policies) evil.example could load up https://facebook.com/api/friends.json and get a list of your friends or profile.json to read your profile. CORS was an ugly bandaid to prevent this without breaking existing sites.

I agree that CORS is a pain and a mess but it had very clear and non-nefarious benefits when it was introduced. Maybe when all browsers only support origin-isolated cookie jars it can be obsoleted but I wouldn't hold my breath.

[Tajnymag]

I'm not sure CORS would allow such function.