5 points | by mariusbolik 1 day ago
3 comments
Just something to note.
Websocket connections don't enforce CORS. So that's another alternative - host all of you APIs via websockets.
This feels like a bad idea, there's a reason why we have CORS.
forget @trick-or-treat, I love it.
What happens when his users expose secrets with this thing and an attacker runs up a huge api bill? Pull the plug on this OP.
FaaS - Footgun as a Service, I hope he listens to you and takes it down. The liability on his end is potentialy catastrophic.
Just something to note.
Websocket connections don't enforce CORS. So that's another alternative - host all of you APIs via websockets.
This feels like a bad idea, there's a reason why we have CORS.
forget @trick-or-treat, I love it.
What happens when his users expose secrets with this thing and an attacker runs up a huge api bill? Pull the plug on this OP.
FaaS - Footgun as a Service, I hope he listens to you and takes it down. The liability on his end is potentialy catastrophic.