The following is a 403
curl 'https://indieauth.com/auth' -X POST -H 'accept: application/json' \
-H 'referer: https://endpointservices.static.observableusercontent.com/'
The following works
curl 'https://indieauth.com/auth' -X POST -H 'accept: application/json' \
-H 'referer: https://endpointservices.static.observableusercontent.com/' \
-H 'origin: https://endpointservices.static.observableusercontent.com'
Looks like it gets bounced at the nginx level.
Why am I sending a referer header but not an origin header? I am hosting code in a pupeteer instance and when you disable CORS thats how it sends requests (and I don't seem to be able to get rid of the referer header) https://observablehq.com/@endpointservices/serverless-cells
So Chrome B.S. of some sorts. It's not blocking me I can just use the form response instead.
The following is a 403
The following works
Looks like it gets bounced at the nginx level.
Why am I sending a referer header but not an origin header? I am hosting code in a pupeteer instance and when you disable CORS thats how it sends requests (and I don't seem to be able to get rid of the referer header) https://observablehq.com/@endpointservices/serverless-cells
So Chrome B.S. of some sorts. It's not blocking me I can just use the form response instead.