Is prohibiting cookies a viable CORS alternative?
I have been using lots of various APIs in my frontend lately and they all have to be properly configured with CORS and the browser always do extra OPTIONS request that only make debugging harder.
I was wondering if there could be a way of disabling cookies for these requests for an application, would that work as a secure alternative to CORS?
E.g. something like that in the index.html file:
<disallow3dPartyCookies>
Then all requests to 3d party apis would be made without any cookie which would prevent all the issues that CORS is trying to solve.
Can this be an alternative to CORS, or would that not be "secure enough" and CORS prevents some other attacks/problems?
P.S. This is more of a theoretical question on whether a proposed solution (if implemented by browsers) would make any sense.
