We have authentication in place and we allow no unauthenticated operations.
It has to be handled separately if Zeppelin doesn't have configurations yet.
If anyone else has any thoughts reach out.
On Thu., 13 Dec. 2018, 7:23 pm Tushar Kapila What I'm saying is that CORS is not a vulnerability
What I'm saying is that CORS is not a vulnerability once you have
authentication in place. Cors works only if client respects it. Use a
standalone program like curl or postman or a custom client or even chrome
with security off (
