0

I've done a bit of research regarding how CORS works, but I'll be honest, I'm a newbie at this particular aspect of development.

I have an API which I'd like to expose to anyone who is using a valid API key. The level of security here is minimal - the purpose of the API key is simply to help identify who is making the request. The information being requested is publicly available information, so I'm not too concerned with security.

The way the code works is that, when the API call is made, it validates the API key, and if the key is valid and matches with the information being requested, the API returns the relevant information.

I'm currently using "*" for origins, headers, and methods for my controller. Is there any reason to change this to something else, and if so, what should I be using?

Kiran Ramaswamy
  • 501
  • 1
  • 5
  • 18
  • 1
    See the answer at https://stackoverflow.com/questions/43154170/is-it-safe-to-enable-cors-to-for-a-public-and-readonly-webservice/43154277#43154277 – sideshowbarker Dec 13 '18 at 22:25

1 Answers1

0

As indicated by sideshowbarker above, the answer to Is it safe to enable CORS to * for a public and readonly webservice? answers my question, so I'm going to mark this as answered.

Thanks sideshowbarker!

Kiran Ramaswamy
  • 501
  • 1
  • 5
  • 18