* Frank Ch. Eigler:

> Hi -
>
> I'm planning to commit this shortly:
>
> From 4ebefc8f3b4b8fb68a55c960e70122fda50a0fb9 Mon Sep 17 00:00:00 2001
> From: "Frank Ch. Eigler" <f...@redhat.com>
> Date: Sat, 7 Dec 2024 15:01:54 -0500
> Subject: [PATCH] debuginfod: add CORS response headers and OPTIONS method

What are the security implications of a shared origin when serving (potentially third-party) debuginfo data? I think it will allow public web clients to exfiltrate debuginfo data from debuginfod servers on private intranets. Previously, the cross-origin restrictions on web content would have prevented that.

Thanks,
Florian
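
An added illustration of the concern raised above, not code from the patch or from elfutils: a small model of the browser's read check for requests sent without credentials, compared across three server policies. The message does not show which header values the patch sends, so the wildcard policy is an assumed case; the origins, the allowlist and the `allowlistHeaders` helper are hypothetical.

```javascript
// Added illustration; origins and header values below are constructed.

// Browser-side rule for a request sent without credentials: script on
// pageOrigin may read the response only if Access-Control-Allow-Origin
// is "*" or equals the page's own origin exactly.
function scriptCanRead(pageOrigin, responseHeaders) {
  const acao = responseHeaders["access-control-allow-origin"];
  if (acao === undefined) return false;       // no CORS header: response stays opaque
  return acao === "*" || acao === pageOrigin;
}

// Hypothetical server-side policy: echo the Origin only when it is on an
// operator-configured allowlist, and never answer with "*".
function allowlistHeaders(requestOrigin, allowedOrigins) {
  const headers = { vary: "Origin" };         // keep caches from mixing per-origin answers
  if (requestOrigin && allowedOrigins.includes(requestOrigin)) {
    headers["access-control-allow-origin"] = requestOrigin;
  }
  return headers;
}

const PUBLIC_PAGE = "https://public.example";        // any page a user inside the intranet visits
const INTERNAL_UI = "https://symbols.corp.example";  // the web front end meant to use the server
const ALLOWED = [INTERNAL_UI];

// For each policy, report whether script on each origin can read the response.
function compare() {
  const policies = {
    "no CORS headers": () => ({}),
    "wildcard": () => ({ "access-control-allow-origin": "*" }),
    "allowlist": (origin) => allowlistHeaders(origin, ALLOWED),
  };
  const result = {};
  for (const [name, respond] of Object.entries(policies)) {
    result[name] = {
      publicPage: scriptCanRead(PUBLIC_PAGE, respond(PUBLIC_PAGE)),
      internalUi: scriptCanRead(INTERNAL_UI, respond(INTERNAL_UI)),
    };
  }
  return result;
}

console.log(compare());
```

Only the wildcard row makes the response readable from the public page; the allowlist row keeps the intended front end working while leaving the earlier cross-origin restriction in place for every other origin.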