5 points | by mariusbolik 4 days ago
6 comments
Just something to note.
Websocket connections don't enforce CORS. So that's another alternative - host all of you APIs via websockets.
This feels like a bad idea, there's a reason why we have CORS.
forget @trick-or-treat, I love it.
What happens when his users expose secrets with this thing and an attacker runs up a huge api bill? Pull the plug on this OP.
FaaS - Footgun as a Service, I hope he listens to you and takes it down. The liability on his end is potentialy catastrophic.
[dead]
Just something to note.
Websocket connections don't enforce CORS. So that's another alternative - host all of you APIs via websockets.
This feels like a bad idea, there's a reason why we have CORS.
forget @trick-or-treat, I love it.
What happens when his users expose secrets with this thing and an attacker runs up a huge api bill? Pull the plug on this OP.
FaaS - Footgun as a Service, I hope he listens to you and takes it down. The liability on his end is potentialy catastrophic.
[dead]