mirror of
https://github.com/Dispatcharr/Dispatcharr.git
synced 2026-07-18 00:55:50 +00:00
security: Removed CORS_ALLOW_CREDENTIALS = True from CORS configuration. Dispatcharr authenticates via JWT Authorization headers and API keys — not cookies — so credentials are never sent cross-origin by browsers. The setting was also redundant: browsers reject Access-Control-Allow-Credentials: true when Access-Control-Allow-Origin is a wildcard (*), so it had no effect in practice.
This commit is contained in:
parent
b535f28ac5
commit
04a684b359
1 changed files with 0 additions and 1 deletions
|
|
@ -420,7 +420,6 @@ BACKUP_DATA_DIRS = [
|
|||
SERVER_IP = "127.0.0.1"
|
||||
|
||||
CORS_ALLOW_ALL_ORIGINS = True
|
||||
CORS_ALLOW_CREDENTIALS = True
|
||||
CSRF_TRUSTED_ORIGINS = ["http://*", "https://*"]
|
||||
APPEND_SLASH = True
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue