Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-7591

CORS should be disabled by default

    XMLWordPrintable

Details

    Description

      CORS is not necessary for ReST access by the mobile client, it should only be enabled by site administrators who know what they're doing. Right now it's enabled in all cases, but it could expose us to various cross-site-scripting attacks.

      Attachments

        Activity

          People

            ranger Benjamin Reed
            ranger Benjamin Reed
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: