vorburger commented on a change in pull request #749:
URL: https://github.com/apache/fineract/pull/749#discussion_r428267379



##########
File path: fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/filter/TenantAwareTenantIdentifierFilter.java
##########
@@ -95,7 +95,7 @@ public void doFilter(final ServletRequest req, final 
ServletResponse res, final
 
             // allows for Cross-Origin
             // Requests (CORs) to be performed against the platform API.
-            response.setHeader("Access-Control-Allow-Origin", "*");
+            response.setHeader("Access-Control-Allow-Origin", 
"https://mifos.org/mifos-x/";);
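
Review bot: The replacement value on the added line, "https://mifos.org/mifos-x/", carries a path and a trailing slash, but a browser compares Access-Control-Allow-Origin against the request's Origin header, which holds only scheme, host and optional port, so this value can never match and every cross-origin request would be refused, including those from that site. If the aim is to drop the wildcard, the value needs to be a bare origin such as https://mifos.org at minimum. Better, read the allowed origins from configuration, echo the request's Origin back only when it is on that list, and send Vary: Origin alongside it, since a single origin hard-coded in the filter ties every deployment to one front-end host.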

Review comment:
       I'm not super familiar with CORS, but this looks curious to me. What 
does this hard-coded URL mean and do exactly? We have a dedicated JIRA re. CORS 
(search). Perhaps it would be best to first and separately solve that, before 
adding secbugs?



