If this is true, it's insane that this would work:

- why does CWS respond to cross-site requests?

- why is chrome sending the credentials (or equivalent) in these requests?

- why is the button enabled server-side and not via JS? Google must be confident in knowing the exact and latest state of your installed extensions enough to store it on their servers, I guess

▲

cxr 3 hours ago | parent [-]

It's not true. The person you're responding to has a habit of posting implausible-but-plausibly-plausible nonsense, and it's not how this works at all.

▲

lapcat 3 hours ago | parent [-]

I made the mistake of trying to skim the code hastily before I had to leave to run an errand, and yes it turns out I was wrong, but please refrain from the personal comments, and no, I don't have any such "habit."

▲

cxr 2 hours ago | parent [-]

Wrong again. (PS: The fact that you have now replied—which automatically disables comment deletion—is the only thing that prevented my removing it just now. So great job.)

▲

lapcat 2 hours ago | parent [-]

> The fact that you have now replied—which automatically disables comment deletion—is the only thing that prevented my removing it just now. So great job.

How was I supposed to know that you intended to delete it?

In any case, you may still have time to edit your comment, as I did with my erroneous root-level comment, since I can't delete that either, for the same reason.

	▲	cxr 2 hours ago \| parent [-]
		Not interested. You also shouldn't have done that. You broke the thread—exactly what HN's no-deleting-comments-that-have-replies check was created to prevent. Consider this: just stop being reckless.