The OAuth2 token endpoint has completely open CORS rules. There's enough security here using other mechanisms that there's no risk here.
Other endpoints by default have no CORS rules, but this can be turned on with the `cors.allowOrigin` database setting. When this is on, it overrides the OAuth2 CORS rules and token gets the same restriction as `cors.allowOrigin`. I'm not sure if this is what we want.
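
A model of the precedence described above, as an added example that is not part of the original issue or the project's code. The `/token` path, the list form of the `cors.allowOrigin` value, and all function and mode names are assumptions made for illustration.

```javascript
// Hypothetical model of the CORS precedence described in the issue.
// Not the project's code: TOKEN_PATH, the array form of the setting and
// every function name here are assumptions.
const TOKEN_PATH = '/token'; // assumed path of the OAuth2 token endpoint

// Value for Access-Control-Allow-Origin, or null when no header is sent.
function matchOrigin(allowList, origin) {
  if (!origin) return null;
  if (allowList.includes('*')) return '*';
  return allowList.includes(origin) ? origin : null;
}

// mode 'override':    cors.allowOrigin, when set, replaces the token
//                     endpoint's open rule (the behaviour reported above).
// mode 'route-first': the token endpoint keeps its own open rule and the
//                     setting only governs the other endpoints.
function resolveAllowOrigin({ path, origin, allowOriginSetting, mode }) {
  const routePolicy = path === TOKEN_PATH ? ['*'] : null;
  const globalPolicy = allowOriginSetting ?? null;
  const effective = mode === 'override'
    ? (globalPolicy ?? routePolicy)
    : (routePolicy ?? globalPolicy);
  return effective ? matchOrigin(effective, origin) : null;
}

// Resolve one request under both precedence orders for comparison.
function compareModes(request) {
  return {
    override: resolveAllowOrigin({ ...request, mode: 'override' }),
    routeFirst: resolveAllowOrigin({ ...request, mode: 'route-first' }),
  };
}

// Constructed sample requests (origins are placeholders).
const samples = [
  { path: '/token', origin: 'https://app.example', allowOriginSetting: undefined },
  { path: '/user/1', origin: 'https://app.example', allowOriginSetting: undefined },
  { path: '/token', origin: 'https://app.example', allowOriginSetting: ['https://admin.example'] },
  { path: '/user/1', origin: 'https://admin.example', allowOriginSetting: ['https://admin.example'] },
];
for (const s of samples) {
  console.log(s.path, s.origin, JSON.stringify(s.allowOriginSetting), compareModes(s));
}
```

The third sample is the case the issue raises: a browser client on an origin outside `cors.allowOrigin` gets no CORS header from the token endpoint under the override order, and `*` under the route-first order.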