CORS: Cross-Origin Resource-Sharing enabled using cors #22
Replies: 2 comments
-
I think when it comes to CORS we always tend to enable CORS for all origins, and from a security point of view we just rely on server settings. For example, if we are hosting a server on an EC2 instance and running our application using Nginx, then we just depend on security groups (firewall) and the Nginx settings to decide which origins requests are allowed from. The problem is that there might be a case where two applications are running on the same server, or the front-end and back-end are running on the same server; then anyone who has access to make calls to one application will also have access to make API calls to the other application's resources. What we can do is add the concept of white labeling the origin. This will allow requests only from the origins we expect, to avoid misuse of the API. From the point of view of a boilerplate, it's good to have all origins enabled to make requests.
-
Using the Express.js cors module to implement this.
-
CORS: Cross-Origin Resource-Sharing enabled using cors
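An origin allow-list in the shape the Express `cors` middleware accepts for its `origin` option, as discussed in the comments above. This is an added example, not code from the discussion or the project; the origins in `ALLOWED_ORIGINS` and the function names are assumptions chosen for illustration.

```javascript
'use strict';

// Assumed allow-list (constructed values): the only browser origins expected to call the API.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Reduce an Origin header value to scheme://host[:port]; null if it is not a plain origin.
function normalizeOrigin(value) {
  try {
    const url = new URL(value);
    // A real Origin header carries no credentials, path or query string.
    if (url.username || url.password || url.pathname !== '/' || url.search) return null;
    return url.origin; // lower-cases the host and drops a default port
  } catch {
    return null; // not a URL at all, e.g. the literal string "null"
  }
}

// Exact match against the allow-list. Substring, prefix or suffix matching is avoided
// because look-alike hosts (https://app.example.com.evil.test) would pass it.
function isAllowedOrigin(origin) {
  const normalized = typeof origin === 'string' ? normalizeOrigin(origin) : null;
  return normalized !== null && ALLOWED_ORIGINS.has(normalized);
}

// `origin` option callback for the cors middleware: callback(error, allow).
function originCheck(origin, callback) {
  // No Origin header (same-origin or non-browser client): emit no CORS headers.
  if (origin === undefined) return callback(null, false);
  callback(null, isAllowedOrigin(origin));
}

const corsOptions = { origin: originCheck, methods: ['GET', 'POST'] };

// Wiring, once express and cors are installed:
//   const app = require('express')();
//   app.use(require('cors')(corsOptions));
```

An origin that fails the check receives no `Access-Control-Allow-Origin` header, so the browser blocks the calling page from reading the response; the API still needs its own authentication, since CORS does not stop non-browser clients.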