0
okay
3y

Is there any point in using cors without declaring the origin header?

Comments
  • 0
    The question is, how well do you trust your users?

    I have made lots of calls to open APIs that don't properly use CORS.

    if they had properly locked it down, then I would be required to use their UI instead of automating everything from a script.

    Nothing like pulling back 1.5 million records every 15 minutes just to see what the latest changes were (thanks FDA).
Add Comment