skittered

The error type I posted has answers to what it is and what causes it dating nearly a decade back .. it's an error, not some obscure unknown thing.

Your opinion does not provide a solution. I found and posted an error .. and got told off again .. there's nothing left to say.

As far as I understand it, CORS is a security thing that I have no control over, but it is a security thing that has the potential to affect me if it's broken.

.. what? .. following the specs isn't supported?

so the modern take is .. the modern browser does not need to follow the spec .. as long as it works .. regardless of whether or not it leaves a security hole

wonder what would have happened if i had specified i was using chrome and came across this issue while perusing the console log .. and was concerned because it's a security issue that chrome is apparently not concerned with.

Regardless of whether it's related to the ads on the page or the actual page content itself, everything I've read suggests that a CORS error is a security issue and that I should not be trying to circumvent it.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://floor.pbxai.com/?pubxId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&page=https://next.nexusmods.com/fallout3/collections&maxBid=null&bidDep=null&aucId=null (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Pale Moon v31.4.0 (2022-11-22) CORS support has been updated to the current spec. ** Most importantly, Pale Moon now accepts wildcard entries ("*") for the CORS statements Access-Control-Expose-Headers, Access-Control-Allow-Headers and Access-Control-Allow-Method. Note that wildcards are ignored (according to the spec) when credentials are passed. In 31.4.0, CORS has become stricter to adhere more closely to the CORS standard. ** --- If they are using CORS mode and want to pass credentials, the server has to send an access-control-allow-credentials header. .. Is there any easy solution to access this page until they will solve it? --- I'm afraid not. There's no mechanism to easily bypass CORS/SOP deliberately ** wondering who to blame for this

At this point the discussion is basically who's at fault for a spelling error, and no one wants to get a dictionary. There's nothing left to say.

You "do this for a living" .. so, test standard compliant code in Pale Moon, prove your point, otherwise, the question remains, why then do the standards exist?

And lazy coding prevents functionality where the standards are followed.

Choosing lazy functionality over the standard .. why then do the standards exist?

I'm dealing with it as best I can. I'm trying to help the community and the devs that run it but I'm getting told off because I'm using something that everyone assumes is out of spec, out of date and not worthy of their time. I pasted the possibly problematic code, a syntax error according to javascript validators, and the answer has been .. "it works in other browsers" .. not .. "thanks for pointing us toward where a problem might be" .. or .. "here's the spec that allows it" If it were a security issue it would get fixed immediately without blaming the browser for halting at it.

@1ae0bfb8 Your answer as a paid dev was "Take my advice as absolute" .. not .. "I tested it and Pale Moon failed"

I can view the collections home page, but I can't view any specific games collections page. Apparently there's not going to be an answer to this other than bashing Pale Moon.