Is it safe to fix Access-Control-Allow-Origin (CORS origin) errors with a php header directive?
Yes, you open your site to being requested via AJAX to any other script in the whole web. It would be better if you limit the origin to one specific remote domain from which you are consuming the API, like this example: header(“Access-Control-Allow-Origin: http://mozilla.com”); However as the mozilla documentation states, a client can fork the … Read more