If your app is not behind an intranet, it's always safe to CORS everything w/ Access-Control-Allow-Origin: * https://fetch.spec.whatwg.org/#basic-safe-cors-protocol-setup … - do it
-
-
@wycats@keithjgrant@WHATWG If you can curl it, to serve it out to 3rd party, you have to pay for the redistribution, with CORS,origin pays -
@JibberJim@wycats@keithjgrant@WHATWG that cost is increadibly minor relative to everything else.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.