Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security: Disable CORS by default #7642

Merged

Conversation

Projects
None yet
2 participants
@spinscale
Copy link
Member

spinscale commented Sep 8, 2014

In order to deliver a more secure out-of-the-box configuration this commit
disables cross-origin resource sharing by default. It is possibly to enable it and create a more finegrained configuration anytime using the existing cors configuration parameters.

Closes #7151

@clintongormley

This comment has been minimized.

Copy link
Member

clintongormley commented Sep 8, 2014

LGTM

CORS: Disable by default
In order to deliver a more secure out-of-the-box configuration this commit
disables cross-origin resource sharing by default.

Closes #7151

@spinscale spinscale force-pushed the spinscale:issue-7151-disable-cors-by-default branch to bd0eb32 Sep 9, 2014

@spinscale spinscale merged commit bd0eb32 into elastic:master Sep 9, 2014

@spinscale spinscale changed the title CORS: Disable by default HTTP: Disable CORS by default Sep 10, 2014

@clintongormley clintongormley changed the title HTTP: Disable CORS by default Security: Disable CORS by default Sep 10, 2014

alexcojocaru pushed a commit to alexcojocaru/elasticsearch-maven-plugin that referenced this pull request Nov 11, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.