I’m aware of this thread: CORS issue in Patreon API [SOLVED] which was resolved with:
We intentionally not support client side requests for security reasons.
We will allow that once we implement client tokens which have a different OAuth flow and will allow some interesting features with it.
However I believe this related to version 1 of the API which I believe required both Client ID and Client Secret to be exposed. In version 2, only the Client ID is required, but I’m still seeing a CORS error when attempting to call https://www.patreon.com/oauth2/authorize client-side.
Is this still a security concern and does this CORS block still need to be in place for the v2 API?