Twitter API authorization fails CORS preflight in browser

I recently faced this issue. I didn't want to spend lots of time creating node server, so I used Netlify's serverless functions. It is super easy and straight forward + free

I followed this blog, it worked perfectly fine for me: https://www.digitalocean.com/community/tutorials/nodejs-solve-cors-once-and-for-all-netlify-dev


So the unsatisfying resolution appears to be that the Twitter API does not support CORS. This seems a little astonishing to me, as it means that the API cannot be used from a browser.

That policy decision is probably related to their OAuth implementation, which is vulnerable to anyone with access to the calling platform. Maybe that was okay back in 2010, but most of the other major internet players have figured out how to do client-based authorization.