Just something to note.
Websocket connections don't enforce CORS. So that's another alternative - host all of you APIs via websockets.
This feels like a bad idea, there's a reason why we have CORS.
forget @trick-or-treat, I love it.
What happens when his users expose secrets with this thing and an attacker runs up a huge api bill? Pull the plug on this OP.
[dead]
Just something to note.
Websocket connections don't enforce CORS. So that's another alternative - host all of you APIs via websockets.
This feels like a bad idea, there's a reason why we have CORS.
forget @trick-or-treat, I love it.
What happens when his users expose secrets with this thing and an attacker runs up a huge api bill? Pull the plug on this OP.
[dead]