9472ac4401
* Improve and simplify code handling CORS * Don't execute request when origin not allowed Fix vulnerability * Remove webCorsOrigin legacy option It's confusing (and potentially insecure as removing webCorsOrigin in configuration would still set it to localhost) * Allow 127.0.0.1 and browser extension if localhost allowed
8 lines
154 B
JSON
8 lines
154 B
JSON
{
|
|
"apiKey": null,
|
|
"apiLogPath": null,
|
|
"webBindAddress": "127.0.0.1",
|
|
"webBindPort": 8765,
|
|
"webCorsOriginList": ["http://localhost"]
|
|
}
|