Closed moisseev closed 1 month ago
@vstakhov From a security perspective, is it acceptable to always allow any origin in the CORS policy?
Currently, we conditionally add the Access-Control-Allow-Origin: *
header based on the presence of multiple servers in the neighbours
list.
However, if we always include this header, we could achieve the following benefits:
neighbours
sections.Are there any security concerns or implications we should consider if we decide to always allow any origin?
neighbours
for CORS header.