Skip to content

Make Access-Control configurable instead of hardcoded #5

Description

@albe

Currently, the Acces-Control-Allow header is hardcoded to a * return value, i.e. the API can be called from any website. While this is a sane default, it might not be wanted in every case. The header value sent should be configurable via setting (assuming a global value for all controllers).

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions