by cakoose 1359 days ago
> 3. Don't allow cross-platform requests in the first place; have your API consumers go through a server-side proxy on the same domain instead, or host it on the same domain in the first place.

That works for first-party JS. Doesn't work for a public API used by others.

Edit: Specifically purely client-side apps. For someone hosting a static HTML+JS app, it's annoying to have to set up and run a server-side route just to circumvent CORS.

(Maybe not so bad with something like Next.js, where it's easy to add a backend route to your primarily static website.)

And it adds an extra hop of latency to every request.