[jefftk]

> it's because it is the only browser today that correctly implements CORS

What's the difference in their CORS implementations? As far as I know all three major browser engines follow the modern spec.

[BeefWellington]

Firefox correctly implements the behaviour when CORS is not properly configured, rather than failing to "the old way".

[jefftk]

Huh? If I have a resource I serve without Access-Control-Allow-Origin headers, all three browser engines won't make it available in cross-origin contexts. [1]

For example, here are a pair of pages which make a cross-origin fetch for a resource that either does (yes-cors) or does not (no-cors) opt into cross-origin resource sharing. In all three browsers yes-cors displays the contents of the resource, and no-cors (correctly) displays "error".

https://www.kingfisherband.com/test/yes-cors

https://www.kingfisherband.com/test/no-cors

[1] With the exception of some standardized legacy cross-origin contexts like images, but then they all protect the contents in the same way.