Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set cors to everything by default #32

Merged
merged 1 commit into from
May 30, 2024
Merged

Set cors to everything by default #32

merged 1 commit into from
May 30, 2024

Conversation

f-necas
Copy link
Collaborator

@f-necas f-necas commented May 30, 2024

needs to be changed

@jeanmi151
Copy link
Contributor

we can't allow CORS with wildcard, we should have a way to set a whitelist

@edevosc2c
Copy link
Member

if the data is public and with no credentials, it is fine to set CORS for all website. CORS does not forbid anyone to request it from outside of a browser.

@f-necas f-necas merged commit 45e2b46 into main May 30, 2024
1 check passed
@f-necas f-necas deleted the open-bar branch May 30, 2024 12:29
@landryb
Copy link
Member

landryb commented May 30, 2024

* is incompatible with http auth, so as soon as you plan to have 'restricted' access you're in for a nightmare.

@fvanderbiest
Copy link
Member

fvanderbiest commented May 30, 2024

* is incompatible with http auth, so as soon as you plan to have 'restricted' access you're in for a nightmare.

This will be revisited in a second time, when MEL will expect secured datasets (Q4 2024)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants