Skip to content

security: restrict CORS origin policy in production server config #115

Description

@dobby-coder

This issue tracks tightening the CORS configuration in the production nginx server to use specific allowed origins instead of a wildcard.

Related advisory: https://github.com/encryption4all/postguard-outlook-addon/security/advisories/GHSA-m957-9cxh-72q7

Metadata

Metadata

Assignees

No one assigned

    Labels

    securitySecurity audit findings

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions