Add warning message for Same Origin Police work-around

bengrunfeld · Mar 10, 2015 · 377317f · 377317f
1 parent f7a53fe
commit 377317f
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/backend/handlers.py b/src/backend/handlers.py
@@ -51,6 +51,7 @@ def serialize_data(qry):
 def initialize_headers(headers, http_verb):
     """Set up the headers for HTTP requests"""
 
+    # TODO: Restrict Allow-Origin to trusted domains ONLY!
     headers['Access-Control-Allow-Origin'] = '*'
     headers['Access-Control-Allow-Methods'] = http_verb
     headers['Access-Control-Request-Method'] = http_verb