Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

CORS for Tracking Servers

Avatar

Avatar
Bedrock
Level 5
jkm-disco
Level 5

Likes

34 likes

Total Posts

147 posts

Correct reply

16 solutions
Top badges earned
Bedrock
Contributor 2
Seeker
Springboard
Give Back 100
View profile

Avatar
Bedrock
Level 5
jkm-disco
Level 5

Likes

34 likes

Total Posts

147 posts

Correct reply

16 solutions
Top badges earned
Bedrock
Contributor 2
Seeker
Springboard
Give Back 100
View profile
jkm-disco
Level 5

14-05-2021

Description - Currently there isn't an ability to configure CORS for tracking servers. Especially in the case of setting up first-party tracking, it would be great if more restrictive origin traffic could be specified.

Why is this feature important to you - It could cut down bot/undesired tracking and it would flag fewer exceptions when probing a site for CORS compliance.

How would you like the feature to work - During the process of engaging in discussions of first-party tracking and using first-party cookies, it would be ideal to provide both the necessary CNAMEs to reference the tracking servers as well as any additional configuration changes that would be needed on the client side. Ideally, we could limit origin to the specific site we expect to send data from, and maybe a less restrictive, non-public endpoint that can be used for any server-side API data insertions.

Current Behaviour - Right now the following header is allowed "Origin: null". Every endpoint, including those that that are specifically set up for first-party tracking can recieve requests from any origin.