Remove Access-Control-Allow-Origin#2484
Remove Access-Control-Allow-Origin#2484jvoisin wants to merge 1 commit intoAdguardTeam:masterfrom jvoisin:remove_allow_origin
Conversation
It doesn't server any purpose, and allows website to probe if AdGuard Home is currently running on the LAN of the user by bruteforcing common IP addresses (192.168.1.0/24 and 192.168.0.0/24) until one of them returns AGH's html.
Codecov Report
@@ Coverage Diff @@
## master #2484 +/- ##
=======================================
Coverage 38.66% 38.66%
=======================================
Files 84 84
Lines 9471 9470 -1
=======================================
Hits 3662 3662
+ Misses 5351 5350 -1
Partials 458 458
Continue to review full report at Codecov.
|
|
@ainar-g please check the commits history. I don't remember why we added, but I believe there was a reason for this. |
|
Thanks for the contribution! I've analyzed the history of that line and discovered that we do need to set the header in some cases (the main one being the state after the user enables HTTPS redirect) but probably not to |
Merge in DNS/adguard-home from 2484-access-control to master Updates AdguardTeam#2484. Squashed commit of the following: commit 4f0c6dd Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Feb 5 12:42:22 2021 +0300 home: don't allow all origins
It doesn't server any purpose, and allows website to
probe if AdGuard Home is currently running on the LAN of the
user by bruteforcing common IP addresses (192.168.1.0/24 and 192.168.0.0/24)
until one of them returns AGH's html.