[Bug 62585] CorsFilter `supportsCredentials` and `anyOriginAllowed` cannot co-exist

bugzilla Tue, 31 Jul 2018 07:07:18 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=62585


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
When allowedOrigins is configured to be "*" it does corresponding exactly with
the  Access-Control-Allow-Origin response header.

See https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 for references to the
security issues this change was intended to fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62585] CorsFilter `supportsCredentials` and `anyOriginAllowed` cannot co-exist

Reply via email to