pmauduit
commented
10 months ago Since the situation gets close to what we had before #59, and the testsuite keeps green, I think we can safely merge here.
Closed pmauduit closed 10 months ago
pmauduit
commented
10 months ago Since the situation gets close to what we had before #59, and the testsuite keeps green, I think we can safely merge here.
Partially reverts https://github.com/georchestra/georchestra-gateway/pull/59: CORS is configurable via yaml config files, CSRF is not.
From my understanding, CSRF protection has to be managed separately by the underlying webapps being proxified by the gateway.