PSA: It's safe to put "Access-Control-Allow-Origin: *" on any response, *unless* that response's data is 'secured' by something other than cookies, basic auth, or TLS client certificates.
Prikaži ovu nit
Exception: Content that's 'protected' by the requester's IP. Eg geo-locked data, or extra debug data that might appear if the request is from an 'internal' IP.
-
-
Exception: Content that's 'protected' by being on an internal network. Eg intranets, iot devices, local servers (although these should all be secured another way).
Prikaži ovu nit -
These are exceptions because they would allow an attacker who was outside the internal network, or didn't have the correct IP, to use an 'inside' user as a proxy.
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.