anki-connect/config.json at 17d8ecf60fa5372dbb1da9dbf64c6717c9a09e87 - anki-connect - FooSoft Productions

alex/anki-connect

DegrangeM 9472ac4401

Fix vulnerability (#252 )

* Improve and simplify code handling CORS

* Don't execute request when origin not allowed

Fix vulnerability

* Remove webCorsOrigin legacy option

It's confusing (and potentially insecure as removing webCorsOrigin in configuration would still set it to localhost)

* Allow 127.0.0.1 and browser extension if localhost allowed

2021-05-05 22:31:11 -07:00

8 lines

154 B

JSON

Raw Blame History

 {
     "apiKey": null,
     "apiLogPath": null,
     "webBindAddress": "127.0.0.1",
     "webBindPort": 8765,
     "webCorsOriginList": ["http://localhost"]
 }