arduino-create-agent icon indicating copy to clipboard operation
arduino-create-agent copied to clipboard

Published 20 hours ago verified publisher icon arduino

Make sure to add proper CORS only on the listening ports

Open mastrolinux opened this issue 9 years ago • 0 comments

https://github.com/arduino/arduino-create-agent/blob/devel/main.go#L220 Right now we cycle on every port and add too many CORS headers. It will allow an attacker to run a process on localhost and use our own certificate.

mastrolinux avatar Jan 21 '16 16:01 mastrolinux