Show HN: Include this JS library to enable cross-origin requests

Overwhelmingly terrible idea. Routing your web site traffic through an entirely unknown third party server. Overwrite the global XMLHttpRequest object.<p>Please tell me this is a joke to show off terrible security practise?

Routing all your x-domain requests through an unknown third part via vanilla HTTP? What could possibly go wrong?

Please don&#x27;t use this. JSONP and CORS are the accepted methods for cross origin requests.

How is this remotely trending? Yes, HN, let&#x27;s vote a MITM attack to the frontpage. This is a terrible idea.

This is just a proxy. If developers wanted to go this route they would set up the proxy on their own server instead of routing it through a 3rd party.

If you need to ask why it is bad to route traffic through an untrusted third party over HTTP, for the love of god stop building web applications. This is not the right tool for the problem it&#x27;s trying to solve.

I would let the users know that requests get routed through a server you control.

I&#x27;ll probably never use this library for anything, but I&#x27;ve submitted a pull request that takes out their 3rd party proxy and merely suggests it in the error that is thrown if you don&#x27;t define your own. <a href="https://github.com/TOMODOcom/TOMODOkorz/pull/1" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;TOMODOcom&#x2F;TOMODOkorz&#x2F;pull&#x2F;1</a>

Seems a cool idea to use with mockups and prototypes, but an awful idea to use in a serious product.

If you trust Yahoo!, you can try proxying requests via Yahoo Pipes for Cross-Origin support. Not that I recommend it, though.<p>[1]: <a href="https://gist.github.com/psychemedia/316660" rel="nofollow">https:&#x2F;&#x2F;gist.github.com&#x2F;psychemedia&#x2F;316660</a>