Could you unlock CORS policy for acme API so it can be used in web-based clients?

When I asked include for useing buypass CA in Zerossl.com, he said he can't do that due to CORS policy of buypass API.

Looks like their API is restricted via CORS (in a way that you can’t pull their API endpoint in the browser from anything but their own site basically):

Access-Control-Allow-Origin’ does not match ‘https://www.buypass.no

Unless they change that, it won’t be possible to add it to the online client.

But web based client is where longer lifetime of buypass offers shines most, because clients isn't likely to automate renewal. And this API is public one, so I don't think there is reason for block web based clients for it.

2replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • You can use acme.sh ,,,, it runs even if you don't have SSH access

    Like
  • It looks like there was never an answer to the question asked there about CORS, so perhaps someone on Buypass side could comment - are there any plans to relax CORS (whether to * or to specific origins)? Otherwise it is not possible to create a purely in-browser client.

    Like
Like Follow
  • 3 wk agoLast active
  • 2Replies
  • 81Views
  • 3 Following

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.