Do you have a working example of filtering by origin with deployments on Now ? It seemed to me it was not reflected because of their container proxy or some other reason, but I'll have to check again.
In the case of a web app, if the static front-end is served from a domain name example.com, you'd probably want your backend to allow CORS only for requests coming from that origin.
I know it's not the same use case as your example, which is adding an open CORS on top of a public API, but I was wondering how that would work.
Let's say we want to make a GraphQL API for XKCD, but have it work only with our own front-end (for some reason).
We'd publish the server that queries the XKCD API and exposes a GraphQL endpoint on Now, but allowing CORS only from whatever domain name we've bound to our front-end static server (could also be Now, or Surge, or whatever static hosting service there is out there).
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
FIY, the example deployment has moved from xkcdapi.now.sh to xkcd.now.sh as of today.
Do you have a working example of filtering by origin with deployments on Now ? It seemed to me it was not reflected because of their container proxy or some other reason, but I'll have to check again.
Xkcdapi.now.sh was a mistake, I have updated the post to use the correct URL: XKCD.now.sh
Can you clarify what you mean by "filtering by origin"?
In the case of a web app, if the static front-end is served from a domain name example.com, you'd probably want your backend to allow CORS only for requests coming from that origin.
I know it's not the same use case as your example, which is adding an open CORS on top of a public API, but I was wondering how that would work.
Let's say we want to make a GraphQL API for XKCD, but have it work only with our own front-end (for some reason).
We'd publish the server that queries the XKCD API and exposes a GraphQL endpoint on Now, but allowing CORS only from whatever domain name we've bound to our front-end static server (could also be Now, or Surge, or whatever static hosting service there is out there).