mirror of https://github.com/dani-garcia/vaultwarden.git
synced 2025-02-05 05:18:30 +00:00
7d0e234b34
* The Safari extension apparently now uses the origin `file://` and expects that to be returned (see bitwarden/browser#1311, bitwarden/server#800).
* The `Access-Control-Allow-Origin` header was reflecting the value of the `Origin` header without checking whether the origin was actually allowed. This effectively allows any origin to interact with the server, which defeats the purpose of CORS.
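
The difference the commit message describes, as an added Rust example that is not vaultwarden's own code: a reflecting policy next to an exact-match allowlist that also accepts the Safari extension's `file://` origin. The function names, the `server_origin` parameter and the sample origins are assumptions made for illustration.

```rust
// Added illustration, not code from the vaultwarden repository.
// Function names and sample origins are constructed for this example.

/// Origin the Safari extension sends, per the commit message.
const SAFARI_EXTENSION_ORIGIN: &str = "file://";

/// Behaviour described as the bug: echo back whatever `Origin` the client sent.
/// Returns the value that would go into `Access-Control-Allow-Origin`.
fn allow_origin_reflected(origin: Option<&str>) -> Option<String> {
    origin.map(str::to_owned)
}

/// Checked behaviour: emit the header only when the origin is exactly the
/// server's own origin or the Safari extension origin. Exact string equality
/// matters here; prefix or substring matching would accept lookalike hosts.
fn allow_origin_checked(origin: Option<&str>, server_origin: &str) -> Option<String> {
    let origin = origin?; // no Origin header: no CORS header in the response
    if origin == server_origin || origin == SAFARI_EXTENSION_ORIGIN {
        Some(origin.to_owned())
    } else {
        None // unknown origin: omit the header so the browser blocks the read
    }
}

fn main() {
    // Constructed sample values.
    let server_origin = "https://vault.example.com";
    let samples = [
        Some(server_origin),
        Some("file://"),
        Some("https://other.example"),
        Some("https://vault.example.com.other.example"), // lookalike prefix
        Some("null"),
        None,
    ];
    for origin in samples {
        println!(
            "Origin={:?} reflected={:?} checked={:?}",
            origin,
            allow_origin_reflected(origin),
            allow_origin_checked(origin, server_origin)
        );
    }
}
```
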