diff options
author | Nick Thomas <nick@gitlab.com> | 2016-09-22 13:21:55 +0100 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2016-09-26 13:05:01 +0100 |
commit | 3870138960b6918d999f879bed5e8d938ea43fae (patch) | |
tree | 048eb19fea94d6b17cbb00b004197c25901409c1 /spec | |
parent | ae5831500a953528ec79a87f1da52ced014f74d7 (diff) | |
download | gitlab-ce-3870138960b6918d999f879bed5e8d938ea43fae.tar.gz |
Set a restrictive CORS policy on the API for credentialed requests
Cross-origin requests can still be made, as long as the client doesn't
use the Rails session cookie to do so. Existing clients should not
be setting 'withCredentials: true', so this should be fine.
Diffstat (limited to 'spec')
0 files changed, 0 insertions, 0 deletions