a collection of lightweight TypeScript packages for AT Protocol, the protocol powering Bluesky
atproto
bluesky
typescript
npm
docs(oauth-cab): clearer note for CORS
+3
-3
+3
-3
packages/oauth/cab/README.md
+3
-3
packages/oauth/cab/README.md
···
13
13
14
14
### server-side (CAB backend)
15
15
16
-
> **note:** the CAB endpoint should only accept requests from your client's origin(s) to prevent
17
-
> other websites from abusing it. serving the endpoint from the same origin as your web application
18
-
> is the simplest way to enforce this.
16
+
> [!WARNING]
17
+
> the CAB endpoint should only accept requests from your client's origin. if you have CORS
18
+
> middleware set up, you should exclude `/xrpc/dev.atcute.oauth.getClientAssertion` from it.
19
19
20
20
#### with XRPC router
21
21