Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security: Disable CORS by default #7642

Merged

Conversation

spinscale
Copy link
Contributor

In order to deliver a more secure out-of-the-box configuration this commit
disables cross-origin resource sharing by default. It is possibly to enable it and create a more finegrained configuration anytime using the existing cors configuration parameters.

Closes #7151

@clintongormley
Copy link

LGTM

In order to deliver a more secure out-of-the-box configuration this commit
disables cross-origin resource sharing by default.

Closes elastic#7151
@spinscale spinscale force-pushed the issue-7151-disable-cors-by-default branch from b09829c to bd0eb32 Compare September 9, 2014 09:21
@spinscale spinscale merged commit bd0eb32 into elastic:master Sep 9, 2014
@spinscale spinscale changed the title CORS: Disable by default HTTP: Disable CORS by default Sep 10, 2014
@clintongormley clintongormley changed the title HTTP: Disable CORS by default Security: Disable CORS by default Sep 10, 2014
alexcojocaru pushed a commit to alexcojocaru/elasticsearch-maven-plugin that referenced this pull request Nov 11, 2014
@clintongormley clintongormley added :Core/Infra/REST API REST infrastructure and utilities :Core/Infra/Settings Settings infrastructure and APIs and removed :Core/Infra/REST API REST infrastructure and utilities labels Jun 7, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Disable CORS by default
2 participants