Hi as I am aware of currently signature required endpoints must be called from server side which is fine but I’m curious if it is possible to call directly from the browser and the reason why it must be routed through an additional location. I am not super well versed in these kinds of security things. Is there a way for a browser to collect outgoing data or the wifi or something and that is perhaps prevented when sent from backend to binance?
Browsers have CORs policy so if an API endpoint doesn’t support cross origin post you cannot send a post request directly from a browser.
What’s your specific request? Most GET requests should be fine from browsers
I just wasn’t sure because like if you make like binance desktop app that is sending directly from your computer right? But if its a web app it cant. And so your api secret is only kept on your own machine in binance desktop app but web apps must have your api secret sent to a trusted third party backend right? Ive got non signature requests fine from web app but wasnt sure if way to perhaps work with secret key requests as well directly. I mean ive seen the word cors all the time but dont understand what it is really. Does a desktop app use some other mechanism than when an app is run through a browser. Im guessing even a pwa runs in a browser too or no?
Not an applicable topic in this forum. Please find a web dev technical group to ask around.