@julian @jdp23 @crepels Using the "instance actor" as a proxy is a common practice because a lot of softwares don't want to leak who exactly is making the request.
-
@julian @jdp23 @crepels Using the "instance actor" as a proxy is a common practice because a lot of softwares don't want to leak who exactly is making the request.
This, combined with the fact that anyone with control of the server running on a given domain can technically do whatever they want with keys, is a strong reason why access control tends to be origin-based instead of actor-based.