Skip to content
This repository was archived by the owner on Dec 19, 2023. It is now read-only.

Commit 0631b00

Browse files
oliemansmoliemansm
committed
Fix security hotspot making cors by default less permissive
1 parent fd2d4aa commit 0631b00

File tree

2 files changed

+0
-3
lines changed

2 files changed

+0
-3
lines changed

example-graphql-tools/src/main/resources/application.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,5 +6,3 @@ server:
66
graphql:
77
servlet:
88
exception-handlers-enabled: true
9-
tools:
10-
introspection-enabled: false

graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/spring/web/boot/GraphQLWebAutoConfiguration.java

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,6 @@ public CorsConfiguration corsConfiguration() {
159159
@ConditionalOnProperty(value = "graphql.servlet.corsEnabled", havingValue = "true", matchIfMissing = true)
160160
public CorsFilter corsConfigurer(CorsConfiguration corsConfiguration) {
161161
Map<String, CorsConfiguration> corsConfigurations = new LinkedHashMap<>(1);
162-
corsConfiguration.applyPermitDefaultValues();
163162
corsConfigurations.put(graphQLServletProperties.getCorsMapping(), corsConfiguration);
164163

165164
UrlBasedCorsConfigurationSource configurationSource = new UrlBasedCorsConfigurationSource();

0 commit comments

Comments
 (0)