Is My Data Exposed If I Make Call to My Data From Client Side?

6 replies
Last updated: Feb 4, 2021
Hi, I have a security concern, maybe a stupid question but: is my data exposed if I make call to my dataset from front-end from client side?
Feb 4, 2021, 2:28 PM
Hi! is your dataset public or private?
Feb 4, 2021, 2:40 PM
If you are displaying it to the public then it is public
Feb 4, 2021, 2:43 PM
they're public, but if I don't have the host listed in CORS Origins, should I worry about someone pulling my data?
Feb 4, 2021, 3:35 PM
If the host is not listed in CORS Origins, your data cannot be pulled from client-side, but they can be easily pulled from server-side (or from client-side via a proxy). But as long as you're not storing confidential or gated/paid content, I wouldn't worry too much about it.
Feb 4, 2021, 3:40 PM
another way to think about it is: all information you display on a public website are scrapable and therefore public anyways. You are just making it a little easier for those bots that are going to show up anyways 🤖
Feb 4, 2021, 5:11 PM
Bots will ignore CORS, it's up to the HTTP client to enforce it.
Feb 4, 2021, 9:32 PM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Was this answer helpful?