aboutsummaryrefslogtreecommitdiffstats
path: root/README
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-03-28 14:53:24 +0100
committerMatthew Wild <mwild1@gmail.com>2022-03-28 14:53:24 +0100
commitf19f1088b757c41c2c63b328f1d3faca8fe9a857 (patch)
tree876ee44e570eac125bc77b5ed95c9c2f7ef65df5 /README
parent331ede129e1b1787d611b87f1b20dc43eeea92a2 (diff)
downloadprosody-f19f1088b757c41c2c63b328f1d3faca8fe9a857.tar.gz
prosody-f19f1088b757c41c2c63b328f1d3faca8fe9a857.zip
mod_http (and dependent modules): Make CORS opt-in by default (fixes #1731)
The same-origin policy enforced by browsers is a security measure that should only be turned off when it is safe to do so. It is safe to do so in Prosody's default modules, but people may load third-party modules that are unsafe. Therefore we have flipped the default, so that modules must explicitly opt in to having CORS headers added on their requests.
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions