
CORS allows websites to specify which resources (other than their "same origin") can access their information. A simple example is how jQuery allows any website to access jQuery scripts from their CDN.

CORS also works on the local network, or even localhost, as the author has discovered for himself here. Uses in these spaces are less ubiquitous, but if you have ever needed to set up a web-enabled resource in these spaces, you may need CORS. I'll give some theoretical uses here:

1. A company sells routers. They host a webpage at company.com that makes requests to your router at <scary ip>

2. A company sells a big, expensive hardware component that attaches to your computer. To manage this component, they set up a website at company.com, and the component sets up a website on your computer. Company.com makes requests to localhost, to manage that big, expensive component.

The actual issue here is that companies setting up these websites at localhost and in your local network do not securely set up CORS (see Zoom, other issues). Although it would be unreasonable to kill these use cases, it would be reasonable to require the user of the browser to check off that a localhost or local network request is okay.
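
An added example, not part of the comment above or any vendor's code: the CORS policy of a hypothetical localhost helper service, with a weak version that reflects any Origin beside a version that only answers an exact-match allowlist. The origin `https://company.com` stands in for the vendor's management site, and the function names and sample origins are constructed for illustration.

```javascript
// Assumption: the only site allowed to talk to the local service is the vendor's.
const ALLOWED_ORIGINS = new Set(["https://company.com"]);

// Weak setting: echoes back whatever Origin the browser sent and allows
// credentials, so every website the user visits may read the local responses.
function weakCorsHeaders(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Corrected setting: grant access only on an exact match with the allowlist.
function strictCorsHeaders(requestOrigin) {
  // Vary: Origin keeps caches from serving one origin's answer to another.
  const headers = { Vary: "Origin" };
  if (typeof requestOrigin !== "string") return headers;
  let parsed;
  try {
    parsed = new URL(requestOrigin); // "null" and other non-URLs throw here
  } catch {
    return headers;
  }
  // A browser-sent Origin is already in normalised scheme://host[:port] form;
  // anything that does not round-trip (path, default port, odd case) is refused.
  if (parsed.origin !== requestOrigin) return headers;
  if (!ALLOWED_ORIGINS.has(parsed.origin)) return headers;
  headers["Access-Control-Allow-Origin"] = parsed.origin;
  return headers;
}

// Constructed sample origins, including look-alikes that defeat substring
// or prefix checks but not an exact match.
const SAMPLE_ORIGINS = [
  "https://company.com",
  "http://company.com",
  "https://company.com.attacker.example",
  "https://notcompany.com",
  "null",
];
for (const origin of SAMPLE_ORIGINS) {
  const weak = weakCorsHeaders(origin)["Access-Control-Allow-Origin"] !== undefined;
  const strict = strictCorsHeaders(origin)["Access-Control-Allow-Origin"] !== undefined;
  console.log(`${origin}: weak=${weak ? "allowed" : "denied"} strict=${strict ? "allowed" : "denied"}`);
}
```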


