We are using CORSPlug in our application, and we have been using it with a whitelist so far, but we want to allow 3rd party entities to access certain endpoints after validation(with a token), from their own website, so they can display the relevant data for them.
How can this be achieved without adding each 3rd party to the whitelist?
I imagine that the easiest would be to use the origin defining option with a function from CORSPlug but without conn it doesn’t help in this situation, since I’d need to get their token somehow and then allow it through.
Or is it possible to make
the else path of the token checking mechanism?
I think i can do this by doing CORSPlug.call/2 inside my if
hah i think it just doesnt do anything now