@amxmln well possibly. I'm not making comment on doing anything that requires any auth - I'm only using it to pull in a bunch of RSS feeds, to display the latest posts from various blogs on one page.
@amxmln@sarajw what security implications? CORS is about preventing browsers of sending cookies to third party domains so the host can’t exploit it. Here browser thinks it’s same domain so only same domain cookies are being passed.
@hey@sarajw Well, it’s a proxy that circumvents CORS because it’s no longer a browser making the request, but a server, that’s the whole point.
I might have something wrong here, but what I was referring to was that everything passed along in the request, such as auth tokens, API keys, etc. would run through Netlify’s servers to reach the destination. As would the response.
@amxmln@sarajw also unsure if in this case nocors mode of fetch would do the job as well. In this mode fetch ignores CORS while also refuses to send any credentials to the other domain.
@sarajw I got to know about this when I first deployed a react app on netlify, it was throwing a 404 for anything other than the home page — then it clicked to me that an SPA is a single page so let's redirect all calls to index.html and it worked — but it cost me a whole day to figure that out. This post https://syntackle.live/blog/deploying-react-app-to-netlify-XZ_dWXAd/ was born as a result :)
Add comment