Open tbmorris449 opened 1 year ago
Perhaps I am misreading due to being unfamiliar with Java. But it looks like the security policy for the request config is doing permit all as a default. Probably not a good idea.
Brilliant catch. We'll need to switch this to deny all by default, but it'll require us knowing every acceptance in detail.
Perhaps I am misreading due to being unfamiliar with Java. But it looks like the security policy for the request config is doing permit all as a default. Probably not a good idea.