If the underlying hypothesis that overworked developers are bad developers is true (and I believe it is), then it should be a competitive advantage to not overwork your developers.
Yeah, except what this actually means is, "You don't have any interests outside of work and you do not have kids that may take you away from work and you don't have a SO/spouse to tell you that you're being taken advantage of."
It's not really about your interests, it's about you being naive.
That's the kind of solution I've used before when performing reflection in a tight loop. The important thing there is to cache the result of the compiled expression or the dynamic IL code because the compile time/emit is slower than a single use of reflection.
You can use it to identify unsophisticated attacks, sure.
However, if someone has the ability to make malicious HTTP requests on my behalf using my browser can you really be sure that they don't have the ability to make malicious HTTP requests with altered headers through a malicious extension or a browser specific exploit or some other vector?
You still have to do all the other attack mitigation strategies in addition to checking the Origin header, and I'm not sure the extra complexity buys you anything in the long-term.
Maybe lead with that it is a CRUD package for the Python framework Flask rather than expecting readers to be familiar with the Python ecosystem enough to be aware of what it is?
I spent two weeks in the hospital from my chronic insomnia once, anybody who tells me I just need to relax or stop reading in bed is about as helpful as someone who tells somebody with chronic depression to cheer up.
Not everything is in your head, and no amount of positive thinking will change that.
I would go so far as to say that if you're in a dispute with anyone and they tell you you're not allowed to have a lawyer present, you damn well better have a lawyer present.