osm-teams icon indicating copy to clipboard operation
osm-teams copied to clipboard
verified publisher icon developmentseed

Dynamic CORS

Open kamicut opened this issue 6 years ago • 1 comments

Right now we are allowing CORS for all incoming requests. We can figure out a mechanism by which we only allow CORS for clients that have registered with osm teams. This could add an extra layer of security.

kamicut avatar Aug 24 '19 01:08 kamicut

@kamicut Are CORS requests yet allowed? I'm having this error:

Access to fetch at 'https://mapping.team/api/my/teams' from origin 'http://127.0.0.1:3000' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

willemarcel avatar Jan 16 '23 13:01 willemarcel