Scraping webpages is extremely useful and this would seem to combat this. It's also extremely useful by... oh yes... Google. And I'm sure they would find a way to whitelist their scrapers to index pages, but archive.org? Oh you're SOL.
What's really amazing about this whole thing is that it's more a guide as to not give bad (nit-pickey, overly critical, discouraging) code reviews, than how to give good ones. I think that alone should give us an idea about the state of code reviews in our current industry as a whole.
Here's one question that's always bugged me - What's stopping a malicious user from sending an HTTP request from any API client like Postman, or even Curl from the CL? Something like a post with: {transferTo: myAccountId, amount: 1000000000}?
Obviously in any nontrivial web app it would fail because of authentication issues, but if a server doesn't do ANY sort of security checking, that should work, no? Does that mean that the onus is on the server developer of mybank.com? And if so, what would stop the malicious request from working on any server developed before the existence of CORS?
FYI, for all the jaded readers/commenters (everyone?) I think this is just a an op-ed piece in the vein of "Why X Is Better Than Y" That Lucky Peach has been doing.
FYI, for all the jaded readers/commenters (everyone?) I think this is just a an op-ed piece in the vein of "Why X Is Better Than Y" That Lucky Peach has been doing.