Skip to content
This repository was archived by the owner on Apr 3, 2023. It is now read-only.

Commit ad786de

Browse files
laruelilarueli
committed
🐛 (CORS) Do not globally allow all origin
This is a per instance configuration. This should be set in env variables on the deployments, or instead in a .env.dev file
1 parent 78e15b0 commit ad786de

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

.env

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ DATABASE_URL="postgresql://db_user:[email protected]:5432/db_name?serverVers
3535
###< doctrine/doctrine-bundle ###
3636

3737
###> nelmio/cors-bundle ###
38-
CORS_ALLOW_ORIGIN=*
38+
CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
3939
###< nelmio/cors-bundle ###
4040

4141
###> sentry/sentry-symfony ###

0 commit comments

Comments
 (0)