CORS blocked
EnumC opened this issue · 2 comments
Hi! I am implementing the service on a webapp, but my requests aren't getting through due to the lack of 'Access-Control-Allow-Origin' header on the API. Is this intended or simply skipped? Thanks!
XMLHttpRequest cannot load https://check.getipintel.net/check.php?ip=this_is_an_ip&contact=this_is_an_email_address&format=json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
Hi,
This is intended. We strongly discourage users from implementing API queries on client side because:
- From a security perspective, you should not trust input from a client. You cannot be sure that the client is running legitimate API queries to our API and returning the result that's unmodified.
- We impose limitations on our free API. If it's implemented client side then one cannot control the exact amount of queries sent to our API. If you go on a custom plan which gives you a unique custom subdomain, then all the clients would know this information and abuse your custom subdomain.
I thought I could just stick it in my Angular project, but I guess that wouldn't work. Thanks for the explanation.
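A sketch of the server-side approach the reply above argues for, added here as an example and not code from this thread or from the API's maintainers: the backend takes the address from the connection, keeps the contact address and endpoint out of the browser, and caps how many upstream queries it sends. `CONTACT_EMAIL`, `DAILY_BUDGET`, the function names and the IPv4-only validation are assumptions for illustration.

```javascript
// Added example (Node 18+, no dependencies). All names below are assumptions, not the API's own.
const API_BASE = 'https://check.getipintel.net/check.php'; // a custom subdomain would go here, server-side only
const CONTACT_EMAIL = process.env.CONTACT_EMAIL || 'ops@example.com'; // placeholder value
const DAILY_BUDGET = 500; // assumed cap; set it to what your plan allows

// Accept only dotted-quad IPv4 (assumption: this sketch handles IPv4 lookups only).
function normalizeIPv4(raw) {
  if (typeof raw !== 'string') return null;
  const ip = raw.replace(/^::ffff:/i, ''); // dual-stack sockets report IPv4 peers in this form
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  const ok = parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
  return ok ? ip : null;
}

// The address comes from the TCP connection, never from a query parameter or request body.
function clientIp(req) {
  return normalizeIPv4(req.socket && req.socket.remoteAddress);
}

// URLSearchParams encodes every value, so nothing can smuggle in extra parameters.
function buildCheckUrl(ip, contact = CONTACT_EMAIL) {
  const url = new URL(API_BASE);
  url.search = new URLSearchParams({ ip, contact, format: 'json' }).toString();
  return url.toString();
}

// Counts upstream queries per UTC day so the server, not the browser, controls the volume.
function makeBudget(limit = DAILY_BUDGET, now = () => new Date()) {
  let day = null, used = 0;
  return () => {
    const today = now().toISOString().slice(0, 10);
    if (today !== day) { day = today; used = 0; }
    if (used >= limit) return false;
    used += 1;
    return true;
  };
}

const take = makeBudget();

// Call this from your own backend route; the browser only ever sees your decision.
async function lookup(req) {
  const ip = clientIp(req);
  if (!ip) return { ok: false, reason: 'no usable client address' };
  if (!take()) return { ok: false, reason: 'daily budget exhausted' };
  const res = await fetch(buildCheckUrl(ip));
  return { ok: res.ok, body: await res.text() }; // response schema is not shown in the thread, so it is left unparsed
}
```

Behind a reverse proxy, `req.socket.remoteAddress` is the proxy's address; read the client address from the header your proxy is configured to overwrite instead.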