In the case of a web app, if the static front-end is served from a domain name example.com, you'd probably want your backend to allow CORS only for requests coming from that origin.
I know it's not the same use case as your example, which is adding an open CORS on top of a public API, but I was wondering how that would work.
Let's say we want to make a GraphQL API for XKCD, but have it work only with our own front-end (for some reason).
We'd publish the server that queries the XKCD API and exposes a GraphQL endpoint on Now, but allowing CORS only from whatever domain name we've bound to our front-end static server (could also be Now, or Surge, or whatever static hosting service there is out there).
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
In the case of a web app, if the static front-end is served from a domain name example.com, you'd probably want your backend to allow CORS only for requests coming from that origin.
I know it's not the same use case as your example, which is adding an open CORS on top of a public API, but I was wondering how that would work.
Let's say we want to make a GraphQL API for XKCD, but have it work only with our own front-end (for some reason).
We'd publish the server that queries the XKCD API and exposes a GraphQL endpoint on Now, but allowing CORS only from whatever domain name we've bound to our front-end static server (could also be Now, or Surge, or whatever static hosting service there is out there).