
Discussion on: Secure your Data API from Web Scrapers

aram

Thank you for the awesome post.
I can see another way: if your API only responds to your website, or at least a web-based application, a CORS strategy would be a good way to prevent scraping, because you only accept requests from certain domains. I can see that CORS is not bulletproof, as we can design a bot that opens a website and then types queries as a regular user, but that would make the process very tedious and hard to do.

MxL Devs • Edited

Thanks for the feedback. Using browser-based bots like Puppeteer or Selenium to simulate user behavior is quite effective, especially if the website is kind of annoying to scrape because it runs a lot of client-side processing that you don't want to reverse engineer.

Though CORS really only protects you from browsers, which also includes WebKit or webview-based applications (e.g. React), because the browser devs don't let you tamper with the Origin header. Outside of regular browser contexts, CORS doesn't mean anything, since you can supply your own Origin header.

I've devised workflows for getting around CORS while still using development tools like React to build cross-platform apps, and agree that CORS is generally quite effective for certain kinds of applications.
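
The point made in the reply above, that the Origin header is only trustworthy when a browser sets it, is shown here from the server side as an added example that is not part of the original discussion. The origin `https://app.example.com`, the sample token and the function names are assumptions, and the bearer-token check is a stand-in for whatever authentication the API actually uses.

```javascript
// Added example: treat Origin as a browser-side hint, never as proof of who is calling.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // hypothetical front-end origin
const API_TOKENS = new Map([["constructed-demo-token", "user-1"]]); // constructed sample credential

// Weak gate: access is granted on the Origin value alone.
// Any non-browser client can send the same header, so this stops nothing outside a browser.
function corsOnlyGate(headers) {
  return ALLOWED_ORIGINS.has(headers.origin || "");
}

// Hardened gate: a per-client credential decides access.
// Origin is used only to choose which CORS response headers a browser will see.
function handleRequest(headers) {
  const auth = headers.authorization || "";
  const token = auth.startsWith("Bearer ") ? auth.slice("Bearer ".length) : "";
  const user = API_TOKENS.get(token) || null;
  if (!user) {
    return { status: 401, headers: {}, user: null };
  }
  const origin = headers.origin || "";
  const cors = ALLOWED_ORIGINS.has(origin)
    ? { "Access-Control-Allow-Origin": origin, Vary: "Origin" }
    : {}; // no CORS headers: a browser on another origin cannot read the response
  return { status: 200, headers: cors, user };
}

// Constructed sample requests (header names lower-cased, as Node's http module delivers them).
const scriptedClient = { origin: "https://app.example.com" }; // self-supplied Origin, no credential
const signedInUser = {
  origin: "https://app.example.com",
  authorization: "Bearer constructed-demo-token",
};

console.log("CORS-only gate, scripted client:", corsOnlyGate(scriptedClient));
console.log("Hardened gate, scripted client:", handleRequest(scriptedClient).status);
console.log("Hardened gate, signed-in user:", handleRequest(signedInUser).status);
```

With a credential in place, scraping becomes attributable to an account, which is what makes per-user rate limiting and revocation possible.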