I have a GraphQL API that has CORS enabled and I have an array of valid origins, urls where client side requests can make requests to the API.
const express = require("express");
const cors = require("cors");
const app = express();

app.use(cors({
  origin: ["https://example.com"],
  optionsSuccessStatus: 200
}));
What is the real purpose of blocking origins? Because this is an API, any server can talk directly to it. This really only prevents / limits clients from accessing the API.
If it's important at all to actually have a real whitelist, my question is: should I allow http protocols, because http protocols can be easily spoofed / phished?
To answer your first question, when you use the * you are allowing any and every website to make requests to your API.
For your second question use your own discretion, but ask yourself:
Will there be a lot of traffic on your website?
Why would someone want access to my API?
Do I have any routes that can cause harm to myself/company?