8 comments

[ 5.4 ms ] story [ 32.6 ms ] thread
@OP: FYI I'm getting mixed content errors with the example fetch because the AllOrigins page itself is served over HTTPS, but the backend call is going to HTTP. May be a good idea to swap that out.
Fixed, thanks for pointing it out!
Good to have that. CORS!
Convenient. Can the sample endpoint (http://allorigins.pw/get?url=) be used by pages or do I need to deploy it myself?

How about CORS version instead of JSONP?

A CORS version is planned! And yes, you can use the sample endpoint in your pages.
Interesting go-around to CORS.

There's a reason browser's have same-origin protections: to stop spammy behavior and protect against malintent by original or injected scripts.

This service will be fine for a bit, but once it's used for the above purposes, it'll end up in blocklists.