'[Bug 62419] Avoid CORS Origin echoing by default'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-dev
Subject:    [Bug 62419] Avoid CORS Origin echoing by default
From:       bugzilla () apache ! org
Date:       2018-05-31 12:44:28
Message-ID: bug-62419-78-ug43XatK9h () https ! bz ! apache ! org/bugzilla/
[Download RAW message or body]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62419

--- Comment #2 from Ralf Hauser <hauser@acm.org> ---
To easily test whether you are affected

  curl -vsLH "Origin: http://evil.com" https://yourdomain.tld/ 2>&1  | grep -i
access-control

If you see "evil", then you are, if you see "*" you are not.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic