Who the hell thought it was a good idea to allow crossdomain XmlHttpRequests? Given that the standard say that post is for modification no other website should ever make thoes requsts.
The CORS standard for 'simple' POSTs is no different than what you can already submit via a form from a technological perspective. In that way, it actually makes a lot of sense.
And the whole point of CORS is that some websites do want to make those requests. ;-)
And the whole point of CORS is that some websites do want to make those requests. ;-)