Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
CORS for map tiles?
See original GitHub issueWe currently enable CORS only for metadata_api, not for tile_api or spec_api:
However, we need CORS also for map tiles when using Mapbox GL as a client, because it fetches the data inside the web client, rather than just letting the browser load the images directly, like Leaflet does it.
What is the rationale behind not enabling CORS for all endpoints? And if we were to change that, should we just enable CORS everywhere or make it a configurable option (CORS=false or so)?
Issue Analytics
- State:
- Created 4 years ago
- Reactions:2
- Comments:9
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Like @dionhaefner I also think the first option is preferable, but the second one is fine too.
Config sounds good. With CORS enabled globally, anyone can hijack the Terracotta server and request tiles in the backend of their own application, which might get costly. Of course you can still hijack the server in the frontend without CORS, so the only real protection is proper authentication.