Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
No effective CORS origin restriction in the API #3601
Describe the bug
Our current default, and only obvious setup option, is not to have effective CORS origin restrictions, which opens up attack vectors in the browser, targeting any deployment.
For someone that would like to tighten their setup, we provide no obvious immediate way to enable effective CORS restrictions.
Where was the bug observed
There could be easy documented ways of :
Is there a workaround? What is it.
URL / Environment where this happened