https://bz.apache.org/bugzilla/show_bug.cgi?id=62419

            Bug ID: 62419
           Summary: Avoid CORS Origin echoing by default
           Product: Tomcat 8
           Version: 8.5.14
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ----

As per a hint we got from network security of rub.de,


    response.addHeader(
            CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
            "*");

is more secure than plain origin echoing.

Therefore, the easiest way to get there might be to set the default of
cors.support.credentials = false?

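Added example (not part of the bug report and not Tomcat's CorsFilter source): a simplified Java model of the two behaviours the report compares, showing which configuration lets an arbitrary origin read a response that was fetched with cookies. The class and method names and the example.* origins are assumptions made for illustration; Set.of needs Java 9 or later.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Simplified model for illustration only; names below are hypothetical.
public class CorsOriginDemo {
    static final String ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    static final String ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";

    // Server side: CORS headers for a simple cross-origin request.
    // An empty map means the origin was rejected.
    static Map<String, String> corsHeaders(String origin, Set<String> allowedOrigins,
                                           boolean supportsCredentials) {
        Map<String, String> headers = new LinkedHashMap<>();
        boolean anyOrigin = allowedOrigins.contains("*");
        if (!anyOrigin && !allowedOrigins.contains(origin)) {
            return headers;                       // not on the allowlist
        }
        if (anyOrigin && !supportsCredentials) {
            headers.put(ALLOW_ORIGIN, "*");       // literal wildcard
        } else {
            headers.put(ALLOW_ORIGIN, origin);    // origin echoing
        }
        if (supportsCredentials) {
            headers.put(ALLOW_CREDENTIALS, "true");
        }
        return headers;
    }

    // Browser side: may a page on `origin` read a response fetched with cookies?
    // Under the Fetch rules "*" never matches a credentialed request.
    static boolean credentialedReadAllowed(Map<String, String> headers, String origin) {
        return origin.equals(headers.get(ALLOW_ORIGIN))
                && "true".equals(headers.get(ALLOW_CREDENTIALS));
    }

    static void report(String label, Set<String> allowed, boolean credentials, String origin) {
        Map<String, String> h = corsHeaders(origin, allowed, credentials);
        System.out.println(label + " -> " + h
                + " credentialedRead=" + credentialedReadAllowed(h, origin));
    }

    public static void main(String[] args) {
        String other = "https://other.example";   // constructed, unrelated origin
        report("any origin, credentials=true ", Set.of("*"), true, other);
        report("any origin, credentials=false", Set.of("*"), false, other);
        report("allowlist,  credentials=true ", Set.of("https://app.example"), true, other);
    }
}
```

Only the first configuration (any origin plus credentials) grants the unrelated origin a credentialed read; the wildcard response and the explicit allowlist both deny it.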