> Backend engineers don't need to know about cross-site scripting, CORS and a bunch of other things that have been standardised and built into browser security
I agree that frontend and backend development are deep enough on their own that they require specialization for complex projects. But lacking even basic knowledge of how other parts of the stack can by an issue IMO.
You mentioned CORS for example. One time I had to explain to a co-worker, who was a senior level backend dev, why the browser’s calls to his API were failing due to CORS. He couldn’t understand why the fix had to be on his end. When he tested the API with Postman the same requests were succeeding after all. It was shocking to me that someone at his level was not familiar with what was happening. Sure, it requires knowledge of browser behavior but it’s still relevant to the person writing the API.
Beyond that, I find that having a little full stack knowledge helps with inter-team communication.
While I agree that he should have some knowledge about the CORS issue, I disagree that it's a backend problem.
It's the engineering/architecture problem. There's no reason why you couldn't build a proxy on the same domain as your front end app and proxy the request to the backend.
It sounds like his interface (API) was built before you even started consuming it. Maybe adding such headers increased the scope of complexity for his API and tests. I don't know the circumstances, but I disagree the fix HAS to be on his end.
I agree that frontend and backend development are deep enough on their own that they require specialization for complex projects. But lacking even basic knowledge of how other parts of the stack can by an issue IMO.
You mentioned CORS for example. One time I had to explain to a co-worker, who was a senior level backend dev, why the browser’s calls to his API were failing due to CORS. He couldn’t understand why the fix had to be on his end. When he tested the API with Postman the same requests were succeeding after all. It was shocking to me that someone at his level was not familiar with what was happening. Sure, it requires knowledge of browser behavior but it’s still relevant to the person writing the API.
Beyond that, I find that having a little full stack knowledge helps with inter-team communication.