Review/Harden Default CORS Settings #159

Open
fernando-mc opened this issue Mar 2, 2022 · 1 comment

@fernando-mc
Owner

We've used the same default CORS configuration for a while. If we're going to release another major version soon with one of the features @mikejpeters is working on, we might as well consider updating these too and seeing if they're appropriate.

I think right now we allow POST/PUT from other Amazon AWS static site domains, which we might want to reconsider. It's potentially useful when you have some static sites that need to make CORS requests, but might not be the best default now that we have such easy ways to configure CORS.

cc @Shereef

@mikejpeters
Collaborator

mikejpeters commented Mar 2, 2022

Is there already an easy way to configure CORS? I had been looking at issue #88 and related (but outdated) PR #103 - and considering assigning myself, but only if it's still useful.

Re: the default settings and security, sounds like a good plan. Hopefully someone here has some expertise / interest in that; it's not really in my wheelhouse.

EDIT: Also worth noting related issues #105 and #113

@mikejpeters mikejpeters mentioned this issue Mar 7, 2022