Wenlue Zhang 0 Posted November 4, 2020 Share Posted November 4, 2020 Hi, Just wondering if it is an intended behaviour for the API disallowing cross-origin requests? It seems to miss "Access-Control-Allow-Origin" and all other related headers in the response. Wenlue Zhang | Contact me Senior Controller (C3) P.R.China Division Webmaster (VATPRC8) Link to post Share on other sites
Nestor Perez 83 Posted November 4, 2020 Share Posted November 4, 2020 Why would you make a request to an API requiring a token from a browser? You'd be leaking your token. Néstor Pérez A Random Platypus [email protected] Link to post Share on other sites
Wenlue Zhang 0 Posted November 4, 2020 Author Share Posted November 4, 2020 3 hours ago, Nestor Perez said: Why would you make a request to an API requiring a token from a browser? You'd be leaking your token. For sure we won't put the token in our front end code 😂 But currently there are some endpoints (e.g. /rating/{cid}/rating_times) which are accessible without a token. Just assuming they are open to public and does not require the token... Isn't it intended? Wenlue Zhang | Contact me Senior Controller (C3) P.R.China Division Webmaster (VATPRC8) Link to post Share on other sites
Ryan Bentley 22 Posted November 14, 2020 Share Posted November 14, 2020 On 11/4/2020 at 12:26 PM, Wenlue Zhang said: For sure we won't put the token in our front end code 😂 But currently there are some endpoints (e.g. /rating/{cid}/rating_times) which are accessible without a token. Just assuming they are open to public and does not require the token... Isn't it intended? Yes, certain endpoints are public and do not require token authentication. Ryan Bentley VATSIM Senior Developer [email protected] Link to post Share on other sites
Wenlue Zhang 0 Posted November 20, 2020 Author Share Posted November 20, 2020 On 11/15/2020 at 12:03 AM, Ryan Bentley said: Yes, certain endpoints are public and do not require token authentication. But now we can't just call public endpoints from a browser because of CORS issue. Instead, we have to write backend code acting as a "proxy" to expose the data to the front end. Just for confirmation, is it also a expected behaviour? Wenlue Zhang | Contact me Senior Controller (C3) P.R.China Division Webmaster (VATPRC8) Link to post Share on other sites
Nestor Perez 83 Posted November 20, 2020 Share Posted November 20, 2020 It is for now indeed. None of that data gets updated gets updated too often, so we'd appreciate if you'd do some caching server-side 😛 1 Néstor Pérez A Random Platypus [email protected] Link to post Share on other sites
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now