CORS is pretty tight. If the allowed origin is strictly from the host domain you're not going to have any problems with people poking around from postman.
Besides, the API you're connecting to should be secure in its own right if it's dealing with sensitive information lol. It's not up to a relay to protect data which is what this is, a weak bastion of sorts.
my curl/wget cares nothing about CORS. KOR is positioning positioning itself as a secure way to connect to http services requiring a secret by issuing a different KOR key and saying they'll detect miss-use. anyone can go to a site using KOR and see the KOR key, and curl the same request. it's a broken idea, and scary that there are tech folks out there such as yourself who don't understand it as such immediately
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
CORS is pretty tight. If the allowed origin is strictly from the host domain you're not going to have any problems with people poking around from postman.
Besides, the API you're connecting to should be secure in its own right if it's dealing with sensitive information lol. It's not up to a relay to protect data which is what this is, a weak bastion of sorts.
my curl/wget cares nothing about CORS. KOR is positioning positioning itself as a secure way to connect to http services requiring a secret by issuing a different KOR key and saying they'll detect miss-use. anyone can go to a site using KOR and see the KOR key, and curl the same request. it's a broken idea, and scary that there are tech folks out there such as yourself who don't understand it as such immediately