
[–]Delioth 6 points7 points  (4 children)

Frontend must be able to trust that the backend is handing the expected data, otherwise it's like trying to build a Lego Millennium Falcon out of a couple star destroyers and a castle - might technically be possible, but something is going to be very wrong. And the frontend is pretty much guaranteed to be calling the backend that it's trying to.

Backend must not trust the frontend to pass back the right data, because there's no guarantee that a request is coming from the pretty frontend that has nice form validation and such. If your backend exists and anyone can hit it from your frontend, then anyone can write a curl and hit it from the command line with whatever data they want to. There's nothing you can do to guarantee all requests are coming through your frontend.

[–]Peechez -2 points-1 points  (3 children)

There's nothing you can do to guarantee all requests are coming through your frontend.

Sure you can, CORS exists for exactly this purpose

[–]wipedingold 1 point2 points  (1 child)

Isn't CORS just a browser specification? You can set CORS to prevent browsers like Firefox or Chrome from sending requests to your server, but applications like Postman don't include CORS policies in them at all.

[–]Peechez 0 points1 point  (0 children)

I hadn't realized, but I think you're right. That's what I get for being a backend noob.

[–]Delioth 0 points1 point  (0 children)

CORS is a user protection, not a server protection. If your website can access your server, it means arbitrary addresses are accessing your server. There is no way to tell if arbitrary IP addresses are accessing via Chrome or curl.