to seek a waiver I will need some proof that options is indeed required to be used or some form of declaration from the devs.
On Friday, October 30, 2020 at 9:26:09 PM UTC+8 Harald Koch wrote: > On Fri, Oct 30, 2020, at 05:45, Vincent Pek wrote: > > agree on that.. but my company policy states that even for info/low I need > to seek waiver to close it off.. > > > So ... seek a waiver? Or better - get your security team to disable this > particular check, since it's both useless (attackers can just probe HTTP > methods without asking first) and wrong (RESTful APIs and CORS both use the > OPTIONS method). > > -- > Harald > > -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/e30fea0e-0481-4344-9aa6-84fa11384e14n%40googlegroups.com.
