By far the best video that really explains CORS and how to overcome it!
🙇‍♂️
Bro you just saved me, THANK YOU! Subscribed and liked this video
happy to hear that! 🙌 and thanks for the sub 😁
Wait a minute isn't this a huge security issue in the browsers, that I can easily fetch from a website I just opened up and have that website URL as my origin? Does the IP also point to that website I'm fetching from (in the console) or is it my IP? Is the website allowed to not let people fetch using its origin?
i don't know that i completely follow your question, but:
- yes you can theoretically go to your browser's console and create a same-site origin request to the website you're on
- there are extra security guards that you can place, that larger websites often place, to prevent someone from abusing that, such as authentication, rate limiting, DDoS prevention, etc
- i'm not sure what you mean by the IP question
- by default, without CORS headers, you can not fetch from a website from another origin, this video shows how to do that in a way that you're not allowing ALL websites to make those requests, but only the ones that you choose
Amazing video as usual! Keep going 💪🏻
thank you!!
Great video,
Please make a complete tutorial on authjs v5, role-based, customer cookie, client side validations
thanks for the idea!
@colbyfayock I hope you've started making the video, because I've turned on your notification.
Nice video @colbyfayock! Another workaround I've been trying lately (but need to measure bandwidth usage) is by adding a `rewrites` option to my Next.js config. The source would be the path I want to post to (could be your API), then the destination the original.
I've been using it for file uploads, so this could get expensive $$$$
ohhh that's interesting! i never thought about rewrites from a billing perspective, is that measured in bandwidth?
Great Colby 👍
thanks! 🙌
He became my friend now
💯
damn this one is really something :D
💯
So I never needed the cors npm package?
this is my first time seeing the cors package, but it looks like it's still a great and easy way to configure CORS specifically in an Express app, where i'm not sure that this would work inside of a serverless function? but if you wanted to avoid using CORS, you could use this technique to configure the headers yourself, which is partially what the package does
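Setting the CORS headers yourself for only the origins you choose, as described in the replies above, can look like the following. This is an added example, not code from the video or from the cors package; the origin names and the function names `corsHeaders` and `handleCors` are assumptions.

```javascript
// Constructed allowlist: replace with the origins you actually trust.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);
const ALLOWED_METHODS = "GET, POST, OPTIONS";
const ALLOWED_HEADERS = "Content-Type, Authorization";

// Build the CORS response headers for one request's Origin header value.
function corsHeaders(origin) {
  // Vary: Origin keeps shared caches from reusing one origin's answer for another.
  const headers = { Vary: "Origin" };
  // Exact string match only: no "*" wildcard, no prefix or suffix checks,
  // and the literal "null" origin is never in the set.
  if (typeof origin === "string" && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS;
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS;
  }
  return headers;
}

// Decide how to answer: a preflight (OPTIONS) is answered here, anything
// else continues to the real handler with the CORS headers attached.
function handleCors(method, origin) {
  const headers = corsHeaders(origin);
  const allowed = "Access-Control-Allow-Origin" in headers;
  if (method === "OPTIONS") {
    // Without the allow headers the browser refuses to send the real request.
    return { done: true, status: allowed ? 204 : 403, headers };
  }
  // Same-origin requests (such as a fetch typed into the site's own console)
  // and non-browser clients are not restricted by CORS, so authentication
  // and rate limiting still belong in the handler itself.
  return { done: false, status: 200, headers };
}
```

In a serverless function or route handler, call `handleCors(request.method, originHeaderValue)` first, return immediately when `done` is true, and otherwise copy `headers` onto the real response.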
@CricMaster-oo6uf hey thanks for the idea, will keep it in mind!