Skip to content
Snippets Groups Projects
Commit 7d0e234b authored by Jeremy Lin's avatar Jeremy Lin
Browse files

CORS fixes 

* The Safari extension apparently now uses the origin `file://` and expects
  that to be returned (see bitwarden/browser#1311, bitwarden/server#800).

* The `Access-Control-Allow-Origin` header was reflecting the value of the
  `Origin` header without checking whether the origin was actually allowed.
  This effectively allows any origin to interact with the server, which
  defeats the purpose of CORS.
parent dad1b1be
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 14 additions and 8 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment