>>0x000006

> Random Thought: Do you think CORS policy is pointless since anyone who wants to circumvent it can configure a CORS proxy?

It's not about stopping people from making arbitrary requests to your site. They don't even need a browser to do that, they can do that with curl just fine. It's about stopping people from making arbitrary requests from a user's browser with the user's credentials.

If a script on evil.com sends a request to gmail.com to download all of the signed-in user's emails, that will be blocked by CORS, because that endpoint is not accessible cross-origin (for hopefully obvious reasons). If a script on evil.com instead kicks off a request to a cors-proxy to try the same thing - literally nobody gives a shit, because the cors proxy doesn't have the user's gmail cookie.

I tried to be a programmer, many times, over several decades. And it just never clicked for me.

My inadequacy as a programmer far surpasses you, macho man. Don't let them poo on yoo.

>>0x000008

> I tried to be a programmer, many times, over several decades. And it just never clicked for me.

It didn't click for me the first times I tried either. But don't take that as a recommendation from me to give it another try. The worst case scenario is this time around will be the time that it does click for you, and you'll waste an enormous amount of your life on software that you wouldn't otherwise waste. :)