I was wondering if the Let’s Encrypt API endpoints ever implemented support for CORS headers (e.g. Access-Control-Allow-Origin
)? A while back (2015) the request to add CORS support was accepted into both the ACME v1 spec and also by the Boulder developers and Boulder certainly has had activity since then for supporting CORS, but it looks like the current v1 and v2 endpoints for LE have it disabled?
Can someone confirm? And if so, was this done for security reasons?