fineract-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [fineract] vorburger commented on a change in pull request #749: Fineract 853
Date Wed, 20 May 2020 19:48:27 GMT

vorburger commented on a change in pull request #749:
URL: https://github.com/apache/fineract/pull/749#discussion_r428267379



##########
File path: fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/filter/TenantAwareTenantIdentifierFilter.java
##########
@@ -95,7 +95,7 @@ public void doFilter(final ServletRequest req, final ServletResponse res,
final
 
             // allows for Cross-Origin
             // Requests (CORs) to be performed against the platform API.
-            response.setHeader("Access-Control-Allow-Origin", "*");
+            response.setHeader("Access-Control-Allow-Origin", "https://mifos.org/mifos-x/");
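
Review bot: The value on the added line, `"https://mifos.org/mifos-x/"`, is not a valid origin. An origin is scheme, host and optional port only, and browsers compare the `Access-Control-Allow-Origin` value against the request's `Origin` header as an exact string. With the `/mifos-x/` path and trailing slash it can never match, so every cross-origin caller, including the intended site, would be rejected by the browser. If a single origin is intended, use `https://mifos.org`. Better, read an allowlist of origins from configuration rather than hard-coding one in the filter, echo the request's `Origin` back only when it is on that list, and set `Vary: Origin` so caches do not reuse the response for a different origin. The context comment above the header still says it allows cross-origin requests in general and should be updated to state which origins are permitted.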

Review comment:
I'm not super familiar with CORS, but this looks curious to me. What does this hard-coded
URL mean and do exactly? We have a dedicated JIRA re. CORS (search). Perhaps it would be best
to first and separately solve that, before adding secbugs?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


