96 remove universal cors #97

Merged
merged 2 commits into from Mar 26, 2012

Conversation

Projects
None yet
2 participants
Contributor

brianloveswords commented Mar 23, 2012

We had Access-Control-Allow-Origin: * going through on every request, which is a potential security vulnerability. I've modified it so only whitelisted URLs get the CORS header.

Contributor

cmcavoy commented Mar 26, 2012

looks good to me...

cmcavoy added a commit that referenced this pull request Mar 26, 2012

@cmcavoy cmcavoy merged commit 317cdc7 into development Mar 26, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment