[
https://issues.apache.org/jira/browse/MESOS-5918?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15998026#comment-15998026
]
Yan Xu commented on MESOS-5918:
-------------------------------
[~anandmazumdar] could you list what specifically are the security implications
of CORS? It would be nice if we can compare the design choices (CORS vs.
proxying & are they mutually exclusive)?
> Replace jsonp with a more secure alternative
> --------------------------------------------
>
> Key: MESOS-5918
> URL: https://issues.apache.org/jira/browse/MESOS-5918
> Project: Mesos
> Issue Type: Improvement
> Components: webui
> Reporter: Yan Xu
>
> We currently use the {{jsonp}} technique to bypass CORS check. This practice
> has many security concerns (see discussions on MESOS-5911) so we should
> replace it with a better alternative.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
