DBryzz edited a comment on issue #749: Fineract 853 URL: https://github.com/apache/fineract/pull/749#issuecomment-612864596 Greetings Thanks for your review and comments @vorburger. I will try to find out why CORS is the only violation findsecbug detects. Regarding the Overly permissive CORS policy, I located the file and the violation is due to the line response.setHeader("Access-Control-Allow-Origin", "*"); in class org.apache.fineract.infrastructure.security.filter.TenantAwareTenantIdentifierFilter "*" needs to be replaced by a particular domain. I'll be happy if I someone could help me with the domain. Thanks
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
