8000 What is the reason for the current CORS policy, and can it be changed? · Issue #92 · 4chan/4chan-API · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
What is the reason for the current CORS policy, and can it be changed? #92
New issue
New issue
Open
Open
What is the reason for the current CORS policy, and can it be changed?#92
@slack-lean

Description

@slack-lean
slack-lean
opened on Jul 23, 2021

Currently, the CORS policy for the 4chan API (a.4cdn.org) only allows requests from boards.4chan.org and boards.4channel.org (at least according to the docs).

This policy can be bypassed anyway by using a CORS proxy or by manually setting the Origin header in a request.

The exception is that requests from a browser environment will be blocked because browsers disallow setting the Origin header for security reasons.

Unless I am misunderstanding something, I see no security risk in allowing all origins, because this API is explicitly read-only.

Is there any reason to still have this policy?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0