Changes between Initial Version and Version 1 of Ticket #1215, comment 6


Timestamp:
2011-11-16T23:28:01Z (13 years ago)
Author:
davidsarah
  • Ticket #1215, comment 6

    initial v1  
    1 I strongly disagree with comment:4 and comment:5. We advocate setting the web port to listen only for connections from localhost, precisely in order to mitigate the ambient authority problems with the current WUI. It's the documented way to avoid such problems, and we shouldn't make it break, introducing new and unnecessary security vulnerabilities, until we have fixed them.
     1I strongly disagree with comment:4 and comment:5. We advocate setting the web port to listen only for connections from localhost, precisely in order to mitigate the ambient authority problems with the current WUI. It's the documented way to ~~avoid~~mitigate such problems, and we shouldn't make it break, introducing new and unnecessary security vulnerabilities, until we have fixed them.
    22
    33> However, what vulnerability would turning on Access-Control-Allow-Origin: * open up?