> I've tried using the Same Origin Policy as an interview question in the past, but it's not a good question because the majority of candidates aren't familiar with it, so you learn very little by bringing it up.
For hiring frontend developers, I've found it to be an excellent question, as surely if you've been developing web apps, you essentially must have come across it at some point. If you haven't, I'd be asking more questions about how typically you'd communicate with a backend and so on. Some people have hit the issues related to CORS, worked around it the quickest possible way then forgot all about it, rather than understanding what's going on, also a useful signal for some roles.
Bit less good for backend roles, as not everyone has worked closely with a frontend team which tends to be the people hitting issues around CORS.
Frontend candidates who have worked with CORS still aren't able to explain SOP and why those policies exist, in my experience. CORS is seen an irritation to be worked around.
There are a few examples of that in this HN thread!
> Frontend candidates who have worked with CORS still aren't able to explain SOP and why those policies exist, in my experience
But that's exactly the kind of thing you want to surface in the hiring process with that question :) I guess it depends on if you're hiring juniors to be trained, or seniors to elevate your current team, but personally I'd skip very quickly on people who don't know the basics of their jobs, unless of course the point is to hire them to train them.