[Bug 62419] Avoid CORS Origin echoing by default
https://bz.apache.org/bugzilla/show_bug.cgi?id=62419 --- Comment #2 from Ralf Hauser --- To easily test whether you are affected curl -vsLH "Origin: http://evil.com"; https://yourdomain.tld/ 2>&1 | grep -i access-control If you see "evil", then you are, if you see "*" you are not. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 62419] Avoid CORS Origin echoing by default
https://bz.apache.org/bugzilla/show_bug.cgi?id=62419 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Mark Thomas --- https://markmail.org/message/sv2kr463zhummdkd http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32 Reviewing r1831728, the docs needs to be updated to reflect those changes. I'll get that done today. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org