Apr 23, 2020 03:40 PM|bruce (sqlwork.com)|LINK
there is max length on the CORS header value (4k-16k depending on servers and proxies). also CORS is only implemented by browser ajax calls, it has no effect on other users of your api. from the web servers point of view CORS is a return header value, it
is not related to authentication, though its hard to understand why an anonymous site would not allow all.