-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve CORS configuration #458
Comments
We uses this proxy filter which supports both Tomcat/Jetty CORS filters |
There is no these changes in 3.0.1 branch. We need to merge these changes into 3.0.2 branch |
We need to add similar implementation to oxTrust too |
Done for 3.0.2 as requested. |
Hi, @qbert2k I see that we still use this "Access-Control-Allow-Origin: *" header in responses both in 3.0.x and 3.1.x packages. It happens because of this part of Apache's configuration:
I.e. this header is simply attached to all responses from We also have same line set for "/oxauth" path:
|
https://support.gluu.org/other/3630/insecure-response-with-wildcard-in-access-control-allow-origin/
The text was updated successfully, but these errors were encountered: