[asterisk-dev] [Code Review] 2667: Add configuration for CORS allowed origins.
David Lee
reviewboard at asterisk.org
Thu Jul 11 09:12:09 CDT 2013
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2667/#review9118
-----------------------------------------------------------
And to answer your question, secure by default (even if it's more effort to configure) is my preference.
- David Lee
On July 9, 2013, 4:23 p.m., Jason Parker wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2667/
> -----------------------------------------------------------
>
> (Updated July 9, 2013, 4:23 p.m.)
>
>
> Review request for Asterisk Developers and David Lee.
>
>
> Bugs: ASTERISK-21278
> https://issues.asterisk.org/jira/browse/ASTERISK-21278
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> Add configuration of allowed origins and validation of origins against that list.
>
>
> Diffs
> -----
>
> /trunk/res/res_stasis_http.c 393909
> /trunk/res/stasis_http/config.c 393909
> /trunk/res/stasis_http/internal.h 393909
>
> Diff: https://reviewboard.asterisk.org/r/2667/diff/
>
>
> Testing
> -------
>
> Multiple (comma-delimited) values work, * works (even if somebody is silly, and puts it in a list), empty config option fails as expected (should it default to *? Insecure by default vs more effort to configure).
>
>
> Thanks,
>
> Jason Parker
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130711/82d3b7e4/attachment-0001.htm>
More information about the asterisk-dev
mailing list