You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm attempting to use the CORS module to block curl requests (or other rest client requests, such as chrome's excellent Postman). But it's not working.
Im guessing that CORS is only respected when making a request from a browser, and that a server to server request not protected with cors. If this is correct, how would I block a cross server request?
The text was updated successfully, but these errors were encountered:
The node-cors library currently short-circuits and performs no validation if no Origin HTTP header is passed in; this is why curl requests are going through correctly. The reason this is done is that if you were to restrict requests to say, example.com, a user could still easily spoof this in curl like so:
I'm attempting to use the CORS module to block curl requests (or other rest client requests, such as chrome's excellent Postman). But it's not working.
Im guessing that CORS is only respected when making a request from a browser, and that a server to server request not protected with cors. If this is correct, how would I block a cross server request?
The text was updated successfully, but these errors were encountered: