Github user geomacy commented on a diff in the pull request:
https://github.com/apache/brooklyn-server/pull/519#discussion_r96593335
--- Diff:
core/src/main/java/org/apache/brooklyn/core/BrooklynFeatureEnablement.java ---
@@ -61,6 +61,36 @@
/** whether feeds are automatically registered when set on entities,
so that they are persisted */
public static final String FEATURE_FEED_REGISTRATION_PROPERTY =
FEATURE_PROPERTY_PREFIX+".feedRegistration";
+ /**
+ * <p>
+ * Enabling CORS is strongly discouraged.
--- End diff --
Valentin, as I mentioned before, I think you should remove this comment.
It's not possible for us to know all the scenarios users may have, some of them
may simply require CORS, and if they use it judiciously then it can be fine.
I would replace the entire comment with simply
```java
/**
Enables support for Cross Origin Resource Sharing (CORS) filtering on
requests in BrooklynWebServer.
If enabled, the allowed origins for the CORS headers should be configured
using the
"brooklyn.experimental.feature.corsCxfFeature. allowedOrigins" property.
If this is not is not supplied then allowedOrigins will be a wildcard on
all domains; this is strongly discouraged.
Currently there is no support for varying these headers on a
per-API-resource basis, that is, the same configured headers are applied to all
requests.
*/
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
