Background
If a web application wanted to use an LND node, requests would be blocked even if the REST API were exposed due to the lack of a Access-Control-Allow-Origin header. I don't know that there's much harm in setting it to * by default, since you'd need macaroons for the node to do pretty much anything anyway.
This is somewhat of a duplicate of #1405, however that issue went a little off-topic with a fork of LND.
Your environment
- version of
lnd - 0.5.1
- which operating system (
uname -a on *Nix) - Ubuntu Server 16.04
- version of
btcd, bitcoind, or other backend - bitcoind
Background
If a web application wanted to use an LND node, requests would be blocked even if the REST API were exposed due to the lack of a
Access-Control-Allow-Originheader. I don't know that there's much harm in setting it to*by default, since you'd need macaroons for the node to do pretty much anything anyway.This is somewhat of a duplicate of #1405, however that issue went a little off-topic with a fork of LND.
Your environment
lnd- 0.5.1uname -aon *Nix) - Ubuntu Server 16.04btcd,bitcoind, or other backend - bitcoind