-
Set a restrictive CORS policy on the API for credentialed requests · 38701389Nick Thomas authored
Cross-origin requests can still be made, as long as the client doesn't use the Rails session cookie to do so. Existing clients should not be setting 'withCredentials: true', so this should be fine.
38701389
×