Posted to commits@fineract.apache.org by GitBox <gi...@apache.org> on 2020/05/20 19:48:27 UTC

[GitHub] [fineract] vorburger commented on a change in pull request #749: Fineract 853

vorburger commented on a change in pull request #749:
URL: https://github.com/apache/fineract/pull/749#discussion_r428267379



##########
File path: fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/filter/TenantAwareTenantIdentifierFilter.java
##########
@@ -95,7 +95,7 @@ public void doFilter(final ServletRequest req, final ServletResponse res, final
 
             // allows for Cross-Origin
             // Requests (CORs) to be performed against the platform API.
-            response.setHeader("Access-Control-Allow-Origin", "*");
+            response.setHeader("Access-Control-Allow-Origin", "https://mifos.org/mifos-x/");
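
Review bot: The value on the added line, `https://mifos.org/mifos-x/`, is a URL with a path and trailing slash, not an origin. Browsers compare `Access-Control-Allow-Origin` with the request's `Origin` header, which carries only scheme, host and optional port, so this string cannot match and cross-origin requests would be refused, including those from a page served at that address. If the aim is to replace the `*` wildcard, use the bare origin (`https://mifos.org`). Better still, read the allowed origins from configuration instead of hard-coding one deployment's address in the filter. When more than one origin is allowed, return the matching request `Origin` and add `Vary: Origin` so caches do not mix responses.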

Review comment:
       I'm not super familiar with CORS, but this looks curious to me. What does this hard-coded URL mean and do exactly? We have a dedicated JIRA re. CORS (search). Perhaps it would be best to first and separately solve that, before adding secbugs?



