search

4chan / 4chan-API

Documentation for 4chan's read-only JSON API.
http://www.4chan.org/
1.03k stars 74 forks source link

No CORS headers #35

Closed franzwr closed 8 years ago

franzwr commented 8 years ago

CORS is supported with an origin of http(s)://boards.4chan.org

Persuing the response headers, I see no Access-Control-Allow-Origin header in either boards.4chan.org or a.4cdn.org.

screen shot 2016-01-05 at 17 05 02

screen shot 2016-01-05 at 17 09 11

desuwa commented 8 years ago

You won't get back access control headers if you don't send the right Origin.

~ > curl -I -H "Origin: http://boards.4chan.org" http://a.4cdn.org/boards.json
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://boards.4chan.org
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Headers: If-Modified-Since
franzwr commented 8 years ago

I see, I thought said headers (allowing only boards.4chan.org) would appear from any origin. Thanks!

ccd0 commented 8 years ago

@desuwa Why are you still trying to get visitors to install malware?

floens commented 8 years ago

mad cash