Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-7591

CORS should be disabled by default

    XMLWordPrintable

    Details

      Description

      CORS is not necessary for ReST access by the mobile client, it should only be enabled by site administrators who know what they're doing. Right now it's enabled in all cases, but it could expose us to various cross-site-scripting attacks.

        Attachments

          Activity

            People

            • Assignee:
              ranger Benjamin Reed
              Reporter:
              ranger Benjamin Reed
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: