Copy link
@fengmk2

fengmk2 Dec 13, 2023

Author Member

@Beace This modification is to ensure that the default configuration is the lowest risk. Setting credentials is the expected behavior of developers who explicitly want to return requestOrigin.
The previous default configuration returned requestOrigin, which was very risky.