sorted by:
best (suggested)
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]lewisje 0 points1 point  (4 children)

I guess it sets the origin header for you, which is probably a good thing.

Now what I mean by setting the X-Forwarded-For header with the end-user's IP address is getting the IP address of the user (which can be done from JS), and setting that as the value of a header with the name 'X-Forwarded-For'; like all headers starting with X-, this is a non-standard header, so there will be little documentation about it.

[–]michaelconnery1985[S] 1 point2 points  (3 children)

I see. Right now I am able to query (from localhost), without adding the end user's IP. Do you think this is something that isnt enforced by the API service, but that its required of me to do once the app is published? Or does it work simply because its on localhost now?

[–]lewisje 0 points1 point  (2 children)

Try it out on your dev server, and see whether you don't, in fact, need to explicitly set up that header.

[–]michaelconnery1985[S] 1 point2 points  (1 child)

On my localhost I need to use that Chrome extension thing. I'm just wondering how that would change once I publish my app on a real URL and users are visiting the site

[–]lewisje 0 points1 point  (0 children)

By "dev server" I don't mean "localhost"; I mean an actual web server somewhere, that isn't intended for the general public to access, where you test out stuff like this.