Hacker News
by bjohnso5 4410 days ago
Quick suggestion: rather than having your headers return 'Access-Control-Allow-Origin' '*';, you're better off echoing the requesting domain back, so that in the future you'll be able to maintain a whitelist of registered domains. Prevents usage from any-old-domain (though I realize you have authorization already built into some parts of your API).
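As an added example (not part of the comment above or of the API it discusses), this is one way the whitelist form of the suggestion can look in Python: the request's Origin is echoed back only when it exactly matches a registered origin, and `Vary: Origin` is always set so caches do not reuse a response across origins. The origins in `ALLOWED_ORIGINS` and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of registered origins (hypothetical values).
# Browsers omit default ports in Origin, so entries omit them too.
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://partner.example.org:8443",
})


def normalize_origin(value):
    """Return scheme://host[:port] in lowercase, or None if not a plain origin."""
    if not value or value == "null":
        return None
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # An Origin header carries no userinfo, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    origin = f"{parts.scheme}://{parts.hostname}"
    return f"{origin}:{port}" if port is not None else origin


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS):
    """Build CORS response headers for one request's Origin header value."""
    # Always vary on Origin so a cached response is never served cross-origin.
    headers = {"Vary": "Origin"}
    origin = normalize_origin(request_origin)
    # Exact set membership only: no substring, prefix or suffix matching.
    if origin is not None and origin in allowed:
        headers["Access-Control-Allow-Origin"] = origin
    return headers


if __name__ == "__main__":
    for sample in ("https://app.example.com",
                   "https://app.example.com.evil.test",
                   "null"):
        print(sample, "->", cors_headers(sample))
```

Unlisted origins get no `Access-Control-Allow-Origin` header at all, so the browser blocks the cross-origin read without the server having to return an error.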