TripleParity / docks-api

RESTful API Server for Docks
https://tripleparity.github.io/docks-api/stack-api-spec.html
GNU General Public License v3.0

CORS #3

Closed devosray closed 6 years ago

devosray commented 6 years ago

Currently, the API blocks all requests with invalid CORS origins. Adding a package to the API to allow requests from all hosts is simple, but a possible security vulnerability.

Since the API is meant to be consumed by different clients, it makes sense to disable CORS. However, the API exposed is extremely powerful and can grant root access over HTTP.

Any suggestions? Should we disable CORS completely and rather make use of authentication/login to secure the API?

egeldenhuys commented 6 years ago

> However, the API exposed is extremely powerful and can grant root access over HTTP.
>
> Any suggestions? Should we disable CORS completely and rather make use of authentication/login to secure the API?

See #6 for authentication