I don't want to run a web browser to run a desktop app. I don't care how useful it is to run JS and HTML from a dev standpoint it's an absolutely absurdity that my desktop app has a CORS vulnerability.
Yes, because CORS, a way that HTTP requests are restricted, doesn’t even exist in native. Of course a native app can reach out to any URL it wants. That is the default, and also how CORS functions when disabled or bypassed.
Honestly, if the other OSes had decent native apps for some of these things I would probably switch. There is just something wrong with Spotify using 1gb when it was just opened and never used.
Somehow a security feature in browsers called CORS, that isn't present at all in native apps, is both a vulnerability and a downside? I don't understand this line of thinking.
I could be wrong but I feel like literally running some kind of little mini virtualized instance and just running a desktop app meant for OSX or Windows could end up being more efficient than running a whole browser.....
Not necessarily. If you're running the browser anyway, and the app is a PWA and can share that same instance. The "browser" overhead is not really there.
A native app, lets say that wants to play video and is using a cross platform GUI. You've got to load and run that code, and have all the relevant code in the native app's address space. That would be a bunch of code that needs to load over the PWA which is leveraging something you have loaded in RAM anyway. In this case the native is actually worse than the PWA for resource utilization.
Launch CPU cycles can be similar, running a huge swath of GUI code for the native app vs a pre-loaded browser which only needs to run the JS and render the page.
Having your app's runtime already loaded on the system is a huge advantage.
Electron does not benefit from these advantages though. These are PWA exclusive advantages.
