Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

CORS for Tracking Servers

Avatar

Avatar
Contributor
Level 3
jkm-disco
Level 3

Likes

22 likes

Total Posts

124 posts

Correct Reply

14 solutions
Top badges earned
Contributor
Shape 1
Give Back
Affirm 10
Applaud 25
View profile

Avatar
Contributor
Level 3
jkm-disco
Level 3

Likes

22 likes

Total Posts

124 posts

Correct Reply

14 solutions
Top badges earned
Contributor
Shape 1
Give Back
Affirm 10
Applaud 25
View profile
jkm-disco
Level 3

14-05-2021

Description - Currently there isn't an ability to configure CORS for tracking servers. Especially in the case of setting up first-party tracking, it would be great if more restrictive origin traffic could be specified.

Why is this feature important to you - It could cut down bot/undesired tracking and it would flag fewer exceptions when probing a site for CORS compliance.

How would you like the feature to work - During the process of engaging in discussions of first-party tracking and using first-party cookies, it would be ideal to provide both the necessary CNAMEs to reference the tracking servers as well as any additional configuration changes that would be needed on the client side. Ideally, we could limit origin to the specific site we expect to send data from, and maybe a less restrictive, non-public endpoint that can be used for any server-side API data insertions.

Current Behaviour - Right now the following header is allowed "Origin: null". Every endpoint, including those that that are specifically set up for first-party tracking can recieve requests from any origin.

CORS tracking servers