Justoverclock Actually I have an extension that shows a thumb with a website preview on all url posted on Flarum. But I’m new to this and I’ve discovered that CORS block all external request. Actually what is the correct way to work with this kind of extension?
[deleted] Justoverclock But I’m new to this and I’ve discovered that CORS block all external request. It only does that because you have told it to 🙂 This is to prevent anything from being injected into your site from a security standpoint. You can create exceptions, but you could never cater for all external links for all installations, otherwise you'd land up with a CORS polict based on Swiss cheese 🙂
Justoverclock So right now this extension can works only with site that have this exception , basically useless 😅
[deleted] Justoverclock Not really. It depends on the owner's attitude to risk. Whilst setting security headers is generally a recommended, accepted, and industry standard, it doesn't mean everyone will do it. You could still develop the extension, but place a note in the readme that it will not work (nor be supported) if you have a CORS header set that prevents it's operation.
Justoverclock Actually seems to be complicated...the code works pretty much well with linkpreview API. i do not want to ask for help (but actually i need). So if someone is interested to create this extension let me know, ping me here or on discord,
