You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A while ago I was planning creating a web-based client for Discuit, but as Discuit doesn't set any CORS headers, I ran into the following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://discuit.net/api/_initial.
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Are there any reasons why CORS headers aren't currently set? I think enabling CORS would be great for third-party developers :)
The text was updated successfully, but these errors were encountered:
No any particular reason other than no one's requested it before. And I don't think there would be an issue with allowing any origin to have to access to the API.
Fhis isn't directly related to CORS (I don't think?), but thought I'd bring it up here anyway, it's quite important for any web-based clients.
Issue being the Set-Cookie header and cookies set are inaccessible from JavaScript, meaning that a web client on a different origin wouldn't be able to access the SID which is set in a cookie. I believe the cause of this is that the SID and CSRF Token cookies are set as HTTP Only, but I'm going to do a bit of experimentation with this tomorrow (well... today actually but y'know), just leaving this here Incase anyone has anything to add
A while ago I was planning creating a web-based client for Discuit, but as Discuit doesn't set any CORS headers, I ran into the following error:
Are there any reasons why CORS headers aren't currently set? I think enabling CORS would be great for third-party developers :)
The text was updated successfully, but these errors were encountered: