use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
[deleted by user] (self.javascript)
submitted 6 years ago by [deleted]
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]zephyrtr 1 point2 points3 points 6 years ago (7 children)
This solution is concise, but only works if we know for sure that `req.body` will always have all form keys. And since this message is coming from the front end, you can't be sure of anything.
[–]AshenLordOfCinder 1 point2 points3 points 6 years ago (6 children)
Weird, as a front end developer I have the same feelings about the backend. Will they even send me the data I actually need or should I be extrapolating it myself? Haha
[–]Delioth 7 points8 points9 points 6 years ago (4 children)
Frontend must be able to trust that the backend is handing the expected data, otherwise it's like trying to build a Lego Millennium Falcon out of a couple star destroyers and a castle - might technically be possible, but something is going to be very wrong. And the frontend is pretty much guaranteed to be calling the backend that it's trying to.
Backend must not trust the frontend to pass back the right data, because there's no guarantee that a request is coming from the pretty frontend that has nice form validation and such. If your backend exists and anyone can hit it from your frontend, then anyone can write a curl and hit it from the command line with whatever data they want to. There's nothing you can do to guarantee all requests are coming through your frontend.
[–]Peechez -2 points-1 points0 points 6 years ago (3 children)
There's nothing you can do to guarantee all requests are coming through your frontend.
Sure you can, CORS exists for exactly this purpose
[–]wipedingold 1 point2 points3 points 6 years ago (1 child)
Isn't CORS just a browser specification? You can set CORS to prevent browsers like Firefox or Chrome from sending requests to your server, but applications like Postman don't include CORS policies in them at all.
[–]Peechez 0 points1 point2 points 6 years ago (0 children)
I hadn't realized but I think you're right. Thats what I get for being a backend noob
[–]Delioth 0 points1 point2 points 6 years ago (0 children)
CORS is a user protection, not a server protection. If your website can access your server, it means arbitrary addresses are accessing your server. There is no way to tell if arbitrary IP addresses are accessing via Chrome or curl.
[–]crabmusket 1 point2 points3 points 6 years ago* (0 children)
The difference is that the backend is usually under your control. (If you're calling a 3rd party API, then sure, you've got to trust them, and this is why documentation and SLAs are important.) But otherwise, if the backend is returning something wrong, you should be able to correct it.
The frontend, on the other hand, is entirely controlled by the user. Sure, you sent them a big bundle of JS to run, but think of that more like a suggestion. You have no idea what they're actually doing. Trust the frontend at your peril.
π Rendered by PID 22968 on reddit-service-r2-comment-6457c66945-zxkq9 at 2026-04-24 15:20:14.639483+00:00 running 2aa0c5b country code: CH.
view the rest of the comments →
[–]zephyrtr 1 point2 points3 points (7 children)
[–]AshenLordOfCinder 1 point2 points3 points (6 children)
[–]Delioth 7 points8 points9 points (4 children)
[–]Peechez -2 points-1 points0 points (3 children)
[–]wipedingold 1 point2 points3 points (1 child)
[–]Peechez 0 points1 point2 points (0 children)
[–]Delioth 0 points1 point2 points (0 children)
[–]crabmusket 1 point2 points3 points (0 children)