Indeed. CORS is useful only against CSRF due to the post context. About Spectre and Meltdown not be effective through the browsers, I could not agree 100%, since just recently (2 weeks ago) Firefox released Site Isolation in a solid response for such attacks. Still, thinking about thousands of users using outdated or old browsers, create a barrier in your application is a must-have recommendation to ensure an extra layer of security until old or outdated browsers are in use. So don't ignore such features if you can.
It's not about ignoring security features in browsers. You are attempting to correlate/associate irrelevant vulnerabilities as being able to be defended against using CORS, etc. That's simply not the case and spreads misinformation.
Not sure what you are meaning about spread misinformation, but for you, CORS can't be used to defend against CSRF attacks? CORP/CORB can't be used against Spectre/Meltdown attacks? I would love to know where you're studying because my references say exactly the opposite.
Indeed. CORS is useful only against CSRF due to the post context. About Spectre and Meltdown not be effective through the browsers, I could not agree 100%, since just recently (2 weeks ago) Firefox released Site Isolation in a solid response for such attacks. Still, thinking about thousands of users using outdated or old browsers, create a barrier in your application is a must-have recommendation to ensure an extra layer of security until old or outdated browsers are in use. So don't ignore such features if you can.
It's not about ignoring security features in browsers. You are attempting to correlate/associate irrelevant vulnerabilities as being able to be defended against using CORS, etc. That's simply not the case and spreads misinformation.
Not sure what you are meaning about spread misinformation, but for you, CORS can't be used to defend against CSRF attacks? CORP/CORB can't be used against Spectre/Meltdown attacks? I would love to know where you're studying because my references say exactly the opposite.
Just some of my references to lead you to learn more about such a topic: