feat: update CORS configuration to set allow_Credentials default to false

2026-03-12 20:03:50 +01:00
parent 8069b7019a
commit 2ce85f064f
5 changed files with 9 additions and 4 deletions
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -368,9 +368,10 @@ hapi:
    # K. CORS
    # -------------------------------------------------------------------------------
    cors:
-      allow_Credentials: true
+      # allow_Credentials: false
      allowed_origin:
        - "*"
+      # If you enable allow_Credentials=true, use explicit origins instead of "*".
      # Optional overrides. If omitted, built-in defaults are used.
      # allowed_headers:
      #   - Origin