[asterisk-dev] [Code Review] 2667: Add configuration for CORS allowed origins.
David Lee
reviewboard at asterisk.org
Thu Jul 11 09:02:47 CDT 2013
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2667/#review9116
-----------------------------------------------------------
Ship it!
Minor suggestions about providing feedback. Looks good otherwise!
/trunk/res/res_stasis_http.c
<https://reviewboard.asterisk.org/r/2667/#comment17987>
A debug or notice log when we're rejecting an Origin: header would be very useful. Especially for situations where it's not clear what the header would be (like running swagger-ui from a file:// URL, for example).
/trunk/res/res_stasis_http.c
<https://reviewboard.asterisk.org/r/2667/#comment17988>
Same here.
/trunk/res/stasis_http/config.c
<https://reviewboard.asterisk.org/r/2667/#comment17986>
It would also make sense to add the allowed origins to the output of the ari show status command.
- David Lee
On July 9, 2013, 4:23 p.m., Jason Parker wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2667/
> -----------------------------------------------------------
>
> (Updated July 9, 2013, 4:23 p.m.)
>
>
> Review request for Asterisk Developers and David Lee.
>
>
> Bugs: ASTERISK-21278
> https://issues.asterisk.org/jira/browse/ASTERISK-21278
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> Add configuration of allowed origins and validation of origins against that list.
>
>
> Diffs
> -----
>
> /trunk/res/res_stasis_http.c 393909
> /trunk/res/stasis_http/config.c 393909
> /trunk/res/stasis_http/internal.h 393909
>
> Diff: https://reviewboard.asterisk.org/r/2667/diff/
>
>
> Testing
> -------
>
> Multiple (comma-delimited) values work, * works (even if somebody is silly, and puts it in a list), empty config option fails as expected (should it default to *? Insecure by default vs more effort to configure).
>
>
> Thanks,
>
> Jason Parker
>
>
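The behaviour reported under Testing (comma-delimited values, "*" accepted even inside a list, an empty option rejecting everything), together with the rejection log requested in the review, as an added example. It is not the code from /trunk/res/res_stasis_http.c or the review's diff; origin_allowed() and the sample origins are hypothetical, and exact case-sensitive matching is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not an Asterisk function.
 * Returns 1 if origin is permitted by the comma-delimited allowed list.
 * A "*" entry anywhere in the list permits every origin; a NULL or empty
 * list permits none (fail closed). Matching is exact and case-sensitive,
 * so an entry never matches as a prefix or suffix of a longer origin. */
static int origin_allowed(const char *allowed, const char *origin)
{
	const char *p = allowed ? allowed : "";
	size_t origin_len = origin ? strlen(origin) : 0;

	while (origin && *p) {
		const char *end;
		size_t len;

		/* Skip separators and leading whitespace. */
		while (*p == ',' || isspace((unsigned char) *p)) {
			p++;
		}
		/* The entry runs to the next comma or the end of the string. */
		end = p + strcspn(p, ",");
		len = (size_t) (end - p);
		/* Trim trailing whitespace from the entry. */
		while (len > 0 && isspace((unsigned char) p[len - 1])) {
			len--;
		}
		if (len == 1 && *p == '*') {
			return 1;
		}
		if (len > 0 && len == origin_len && memcmp(p, origin, len) == 0) {
			return 1;
		}
		p = end;
	}
	/* Stand-in for a debug/notice log: say what was rejected and why. */
	fprintf(stderr, "NOTICE: rejecting Origin '%s'; allowed list is '%s'\n",
		origin ? origin : "(none)", allowed ? allowed : "");
	return 0;
}

int main(void)
{
	/* Constructed sample values. */
	const char *list = "http://localhost:8088, https://ari.example.com";
	printf("%d\n", origin_allowed(list, "https://ari.example.com"));
	printf("%d\n", origin_allowed(list, "null"));
	return 0;
}
```

The Origin value is supplied by the client, so a production logger should escape control characters before writing it.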