You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The CORS plugin documentation should clarify that setting config.origins to an empty array [] results in the plugin allowing all origins (*). This behavior is not currently documented and could lead to unintended security risks.
Steps to Reproduce:
Configure the CORS plugin with config.origins set to an empty array [].
The plugin allows all origins (*) instead of denying all origins.
What did you expect to happen?
The CORS plugin documentation should include a hint in the config.origins section of specify that providing an empty array will result in the plugin allowing all origins (*).
Additional Context:
This clarification is important to prevent potential security risks for clients who might expect that an empty array would deny all origins.
Thank you for considering this request to improve the clarity and security of the CORS plugin documentation.
Víctor Escudero [email protected] on behalf of Mercedes-Benz Tech Innovation GmbH
Code of Conduct and Community Expectations
I agree to follow this project's Code of Conduct
I agree to abide by the Community Expectations
The text was updated successfully, but these errors were encountered:
Where is the problem?
https://docs.konghq.com/hub/kong-inc/cors/configuration/#config-origins
What happened?
The CORS plugin documentation should clarify that setting config.origins to an empty array [] results in the plugin allowing all origins (*). This behavior is not currently documented and could lead to unintended security risks.
Steps to Reproduce:
What did you expect to happen?
The CORS plugin documentation should include a hint in the config.origins section of specify that providing an empty array will result in the plugin allowing all origins (*).
Additional Context:
This clarification is important to prevent potential security risks for clients who might expect that an empty array would deny all origins.
Thank you for considering this request to improve the clarity and security of the CORS plugin documentation.
Víctor Escudero [email protected] on behalf of Mercedes-Benz Tech Innovation GmbH
Code of Conduct and Community Expectations
The text was updated successfully, but these errors were encountered: