|
|
|
|
|
|
by afavour
375 days ago
|
|
|
I think you’re making those restrictions out to be bigger than they are. Does no-cors allow a nefarious company to send a POST request to a local server, running in an app, containing whatever arbitrary data they’d like? Yes, it does. When you control the server side the inability to set custom headers etc doesn’t really matter. |
|
|
I didnt mean it to come across that way. The spec does what the spec does, we should all be aware of it so we can make informed decisions.