5
Missing CORS prevents third-party web clients
(beehaw.org)
Support and meta community for Beehaw. Ask your questions about the community, technical issues, and other such things here.
A brief FAQ for lurkers and new users can be found here.
Our September 2024 financial update is here.
For a refresher on our philosophy, see also What is Beehaw?, The spirit of the rules, and Beehaw is a Community
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
CC: @Penguincoder@beehaw.org
Would be nice to fix so they can developer further Slemmy without hindrance
I see the request, thanks for the ping. Those CORS headers are not appropriate, it would essentially remove any protections that CORS offers. I'd rather not completely strip away that security for a single app, when others can certainly abuse or try to exploit such.
@diamond@beehaw.org Happy to work with you on this, but I'd request a much more specific source and which resources of Beehaw you'd want that on.
Thank you for the reply, I really appreciate it! Currently, my app has been migrated to the WS API so development can continue for now until the WS is removed completely in a later release or Lemmy addresses the CORS issue upstream.
As for the security concerns, I believe that most of them are addressed in this comment that is in the particular issue that I linked above.
It's worth noting that CORS really only applies in the browser and that the WS API currently bypasses this protection (hence me being able to continue with the development).
P/S: the app currently lives at https://slemmy.libdb.so.