Hacker News new | ask | show | jobs
by dvdcxn 2813 days ago
How do you prevent people proxying your API via a node service?

This is something I could never get my head around with CORS - what's the point of whitelisting origins if getting around the whitelist is nothing more than an inconvenience?
3 comments
Liquidor 2813 days ago
CORS is mostly used to prevent attacks from a browser script on a non-whitelisted website (CSRF etc.).

To prevent someone abusing your API otherwise, use an authentication method.

link
sciurus 2812 days ago
The user is still protected in that case.

If you create a proxy for foo.com, your javascript can't get the browser to send the user's cookies for foo.com to your proxy.

link
chii 2813 days ago
It's not free to run a proxy like that.
link