prusnak
commented
4 years ago We can disable CORS completely via a debug build option https://github.com/trezor/trezord-go/pull/195
Closed karelbilek closed 4 years ago
prusnak
commented
4 years ago We can disable CORS completely via a debug build option https://github.com/trezor/trezord-go/pull/195
An idea - add an option for whitelisting more origins.
Maybe that option might get abused in some way by some attacker, but really, if the attacker can change options of binaries, he already can do worse than allow third party websites to connect to Trezor.