I have a client that is concerned that a malicious party may decompile the mobile app and extract the application id and beacon endpoint for future attacks.
I found in the documentation the use of Beacon origins for CORS. Can you confirm if this also applied for mobile and if this should be the solution to be sure that the beacon endpoint will only accept requests from "known" or "authenticated" clients?
Thank you in advance.
Solved! Go to Solution.
For detailed security inquiries I suggest to create a support ticket. CORS only applies for browser based traffic and not for native mobile agents.