The creators of CORS: “how can we develop an irritating mechanism that handicaps webapps abilities, in return for minor security benefits?”