discuitnet / discuit

A free and open-source community discussion platform.
https://discuit.net
GNU Affero General Public License v3.0
424 stars 51 forks

Enable cross origin resource sharing? #76

Open ttaylor-st opened 6 months ago

ttaylor-st commented 6 months ago

A while ago I was planning on creating a web-based client for Discuit, but as Discuit doesn't set any CORS headers, I ran into the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://discuit.net/api/_initial. 
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Are there any reasons why CORS headers aren't currently set? I think enabling CORS would be great for third-party developers :)

previnder commented 6 months ago

No particular reason other than no one's requested it before. And I don't think there would be an issue with allowing any origin to have access to the API.

ttaylor-st commented 6 months ago

This isn't directly related to CORS (I don't think?), but thought I'd bring it up here anyway, it's quite important for any web-based clients.

Issue being the Set-Cookie header and cookies set are inaccessible from JavaScript, meaning that a web client on a different origin wouldn't be able to access the SID which is set in a cookie. I believe the cause of this is that the SID and CSRF Token cookies are set as HTTP Only, but I'm going to do a bit of experimentation with this tomorrow (well... today actually but y'know), just leaving this here in case anyone has anything to add.

^ never mind, ignore the above, my brain wasn't functioning correctly
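Added example, not part of the thread and not Discuit's own code: a Go middleware sketch of the CORS policy discussed above, where any origin may read API responses but only allowlisted origins may send the session cookie (browsers refuse `Access-Control-Allow-Origin: *` on credentialed requests). The `trustedOrigins` allowlist, the `probe` helper and the example origins are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// trustedOrigins: hypothetical allowlist (constructed value) of origins that
// may send cookie-bearing requests.
var trustedOrigins = map[string]bool{"https://client.example": true}

// cors lets any origin read API responses, but sends
// Access-Control-Allow-Credentials only to allowlisted origins: reflecting
// arbitrary origins with credentials would expose session-authenticated data.
func cors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h, origin := w.Header(), r.Header.Get("Origin")
		h.Add("Vary", "Origin") // response differs per Origin, so caches must key on it
		switch {
		case trustedOrigins[origin]:
			h.Set("Access-Control-Allow-Origin", origin)
			h.Set("Access-Control-Allow-Credentials", "true")
		case origin != "":
			h.Set("Access-Control-Allow-Origin", "*") // readable, but no cookies
		}
		// Preflight: answer here; never run the real handler for it.
		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
			h.Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
			h.Set("Access-Control-Allow-Headers", "Content-Type")
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through cors and returns status and headers.
func probe(method, origin string) (int, http.Header) {
	api := cors(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "{}") }))
	req := httptest.NewRequest(method, "/api/_initial", nil)
	req.Header.Set("Origin", origin)
	req.Header.Set("Access-Control-Request-Method", "POST") // only meaningful on OPTIONS
	rec := httptest.NewRecorder()
	api.ServeHTTP(rec, req)
	return rec.Code, rec.Header()
}

func main() { fmt.Println(probe("GET", "https://other.example")) }
```

With `HttpOnly` session cookies, a cross-origin web client never reads the SID itself; it relies on the browser attaching the cookie, which only happens for origins that receive the credentials header.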