butz on July 23, 2023, on: Advice for Operating a Public-Facing API
What about CORS and CSP headers? Should public/open APIs use them and prevent building client side only apps?
JimDabell on July 24, 2023
You don’t use CORS to prevent client-side only apps, you use CORS to allow them. CORS reduces security restrictions, it doesn’t add them.
gwbas1c on July 23, 2023
Why would you want to block that?
butz on July 24, 2023
I have stumbled upon several "open" APIs that had such "security measures" implemented, thus making them rather unusable. It would be useful advice on what not to do, for anyone building public-facing APIs.
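The point made in the thread, that a response without CORS headers is the restricted case and `Access-Control-Allow-Origin` is what opens an API to browser-only clients, shown as an added example that is not from any commenter: a simplified model of the browser's CORS check for a simple GET, with preflight left out. The origins, function names and header sets are constructed for illustration.

```javascript
// Simplified model of the browser-side CORS check for a simple cross-origin
// GET (no preflight). All origins and header sets are constructed samples.
function corsCheck(requestOrigin, credentialsMode, headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = value.trim(); // header names are case-insensitive
  }
  const allowOrigin = h["access-control-allow-origin"];
  // No header at all: the same-origin policy stays in force, read refused.
  if (allowOrigin === undefined) return false;
  // The wildcard is honoured only for requests sent without credentials.
  if (credentialsMode !== "include" && allowOrigin === "*") return true;
  // Otherwise the value must match the requesting origin exactly.
  if (allowOrigin !== requestOrigin) return false;
  if (credentialsMode !== "include") return true;
  // Credentialed reads also need an explicit opt-in from the server.
  return h["access-control-allow-credentials"] === "true";
}

function scriptCanRead(pageOrigin, apiOrigin, credentialsMode, headers) {
  // Same-origin requests never go through the CORS check.
  if (pageOrigin === apiOrigin) return true;
  return corsCheck(pageOrigin, credentialsMode, headers);
}

const PAGE = "https://app.example"; // hypothetical client-side-only app
const API = "https://api.example";  // hypothetical public API

const CASES = [
  ["no CORS headers", "omit", {}],
  ["wildcard, no credentials", "omit", { "Access-Control-Allow-Origin": "*" }],
  ["wildcard, with credentials", "include", { "Access-Control-Allow-Origin": "*" }],
  ["echoed origin + credentials opt-in", "include", {
    "Access-Control-Allow-Origin": PAGE,
    "Access-Control-Allow-Credentials": "true",
  }],
  ["different origin allowed", "omit", { "Access-Control-Allow-Origin": "https://other.example" }],
];

for (const [label, mode, headers] of CASES) {
  const verdict = scriptCanRead(PAGE, API, mode, headers) ? "readable" : "blocked";
  console.log(`${label.padEnd(36)} ${verdict}`);
}
```

The check only governs whether page script may read the response; non-browser clients such as curl or server-side code ignore these headers entirely.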