im in a love or hate relationship with the CORS policy, its intentions are good, but it’s easily bypassed so it ends up just confusing new developers and annoying everyone else.