Thank you for this article, the exact set of issues I too fixed recently. I did have a few questions which I haven't found answers for yet; maybe you can share your experience:
Would adding the origin from the request header in Access-Control-Allow-Origin make an API any less secure? I was inclined towards this when an API I was developing would be used by multiple client applications.
Should the CORS-related headers be added only for browser-originated requests? Any security issues if they are present for non-browser requests too?