Jump to content

Recommended Posts

3 hours ago, Nestor Perez said:

Why would you make a request to an API requiring a token from a browser? You'd be leaking your token.

For sure we won't put the token in our front end code 😂 But currently there are some endpoints (e.g. /rating/{cid}/rating_times) which are accessible without a token. Just assuming they are open to public and does not require the token... Isn't it intended?

Wenlue Zhang | Contact me

Senior Controller (C3)
P.R.China Division Webmaster (VATPRC8) 

spacer.png

Link to post
Share on other sites
  • 2 weeks later...
On 11/4/2020 at 12:26 PM, Wenlue Zhang said:

For sure we won't put the token in our front end code 😂 But currently there are some endpoints (e.g. /rating/{cid}/rating_times) which are accessible without a token. Just assuming they are open to public and does not require the token... Isn't it intended?

Yes, certain endpoints are public and do not require token authentication.

Ryan Bentley
Senior Developer
## [email protected]
Facebook Twitter Instagram
VATSIM Logo
Link to post
Share on other sites
On 11/15/2020 at 12:03 AM, Ryan Bentley said:

Yes, certain endpoints are public and do not require token authentication.

But now we can't just call public endpoints from a browser because of CORS issue. Instead, we have to write backend code acting as a "proxy" to expose the data to the front end. Just for confirmation, is it also a expected behaviour?

Wenlue Zhang | Contact me

Senior Controller (C3)
P.R.China Division Webmaster (VATPRC8) 

spacer.png

Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...