Phineas / lanyard

🏷️   Expose your Discord presence and activities to a RESTful API and WebSocket in less than 10 seconds
https://discord.gg/lanyard
MIT License
967 stars, 143 forks

Suggestion: Custom CORS Header? #224

Closed SX-9 closed 9 months ago

SX-9 commented 9 months ago

Now, every website can access our Discord status with the Lanyard API, but with custom CORS (cross-origin resource sharing) headers we can set which websites can access our status.

SpatzlHD commented 9 months ago

Tbh this doesn't seem like a good idea. If you are concerned about sharing your activities with the entire world, why would you blast out your activities on Discord in the first place... Or let's say you want to test your project locally, would you set the CORS header to your own IP address? Probably not. And there are also some projects like the GitHub profile readme card thing etc. And if I want to use some of those tools I don't want to add a new CORS header every time. And CORS only protects browsers from accessing the API. If you use, for example, Node.js, you can still pull all the information by just ignoring the CORS header... So if you really want to protect the data from being accessed by anyone, the best option would be to just add API keys to the request that you have to add. But tbh this will probably not be added to the project, as only a really small subset of the users (I know nobody except you) have a problem with the current system.

wont-stream commented 9 months ago

This still won’t prevent backends from accessing your data. Like @SpatzlHD mentioned, if you don’t want random people to see your activity, don’t allow Discord to publish your activity. Let alone using Lanyard.
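The point made in the two comments above, that CORS constrains browsers and not backends, as an added example that is not part of the thread or of Lanyard's code: a constructed local Node.js server where a non-browser client reads a CORS-restricted route while sending a non-allowed `Origin`, next to a route where the server itself checks an API key. The origins, key, route names and sample payload are assumptions made for the demonstration.

```javascript
const http = require("node:http");

const ALLOWED_ORIGIN = "https://my-site.example"; // hypothetical allow-listed site
const API_KEY = "constructed-demo-key"; // hypothetical secret
const PRESENCE = JSON.stringify({ discord_status: "online" }); // constructed data

function handler(req, res) {
  if (req.url === "/cors-only") {
    // CORS header only: browsers use it to decide whether a page's script
    // may read the body. The server still sends the body to every caller.
    res.writeHead(200, { "Access-Control-Allow-Origin": ALLOWED_ORIGIN });
    return res.end(PRESENCE);
  }
  // Any other path ("/keyed" below): the server refuses before data leaves it.
  // (Real code should compare secrets in constant time.)
  const ok = req.headers.authorization === API_KEY;
  res.writeHead(ok ? 200 : 401);
  res.end(ok ? PRESENCE : "");
}

// Plain HTTP client, like any backend: it never evaluates CORS headers.
function get(port, path, headers = {}) {
  return new Promise((resolve, reject) => {
    const opts = { host: "127.0.0.1", port, path, headers, agent: false };
    http.get(opts, (res) => {
      let body = "";
      res.on("data", (chunk) => (body += chunk));
      res.on("end", () => resolve({ status: res.statusCode, body }));
    }).on("error", reject);
  });
}

async function demo() {
  const server = http.createServer(handler);
  await new Promise((resolve) => server.listen(0, "127.0.0.1", resolve));
  const { port } = server.address();
  try {
    return {
      corsOnly: await get(port, "/cors-only", { Origin: "https://other.example" }),
      keyedNoKey: await get(port, "/keyed"),
      keyedWithKey: await get(port, "/keyed", { Authorization: API_KEY }),
    };
  } finally {
    server.close();
  }
}

demo().then((result) => console.log(result));
```

The `corsOnly` result carries the full payload even though the request's `Origin` is not the allowed one; only the keyed route returns 401 to a caller without the secret.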

neu-ma-tic commented 9 months ago

or if you actually want this feature, use nginx

i think it's an xyproblem.info