Open ansell opened 5 years ago
JSONPFilters is hardcoded to allow CORS from every website.
https://github.com/AtlasOfLivingAustralia/dashboard/blob/master/grails-app/conf/au/org/ala/dashboard/JSONPFilters.groovy#L21
At minimum this should be configurable, and ideally CORS should be turned off by default and only switched on by users who are aware of the security consequences of doing so.
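One way to get the behaviour requested above, as an added example that is not the dashboard project's code: CORS headers stay off unless configured, and only origins that exactly match an allowlist are echoed back. The class name `CorsPolicy` and the keys `cors.enabled` and `cors.allowedOrigins` are assumptions made for illustration.

```groovy
// Added example: CorsPolicy, cors.enabled and cors.allowedOrigins are
// hypothetical names, not taken from the dashboard project.
class CorsPolicy {
    final boolean enabled
    final Set<String> allowedOrigins

    // config is a plain map, e.g. loaded from an external properties file.
    // Missing keys mean "CORS off", so the safe state is the default.
    CorsPolicy(Map config) {
        enabled = (config['cors.enabled'] ?: 'false').toString().toBoolean()
        allowedOrigins = (config['cors.allowedOrigins'] ?: '').toString()
                .split(',').collect { it.trim().toLowerCase() }
                .findAll { it } as Set
    }

    // Returns the response headers to set for a request's Origin header.
    // An empty map means no CORS headers are sent, so the browser's
    // same-origin policy keeps blocking cross-site reads.
    Map<String, String> headersFor(String origin) {
        if (!enabled || !origin) return [:]
        String candidate = origin.trim().toLowerCase()
        // Exact match only: no wildcard, no suffix or substring matching,
        // and the literal "null" origin is never accepted.
        if (candidate == 'null' || !allowedOrigins.contains(candidate)) return [:]
        // Echo the matched origin and tell caches the response varies by Origin.
        return ['Access-Control-Allow-Origin': candidate, 'Vary': 'Origin']
    }
}

// Constructed sample configurations and origins.
def off = new CorsPolicy([:])
def on = new CorsPolicy(['cors.enabled': 'true',
                         'cors.allowedOrigins': 'https://portal.example.org, https://maps.example.org'])

assert off.headersFor('https://portal.example.org') == [:]
assert on.headersFor('https://portal.example.org')['Access-Control-Allow-Origin'] == 'https://portal.example.org'
assert on.headersFor('https://portal.example.org.other.example') == [:]
assert on.headersFor('null') == [:]
assert on.headersFor(null) == [:]
```

A filter would call `headersFor` with the request's `Origin` header and copy the returned entries onto the response, sending no CORS header at all when the map is empty.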