The http page should not be recommending a security topic - CORS


    • Type: Change Request
    • Resolution: Persuasive
    • Priority: Medium
    • FHIR Core (FHIR)
    • STU3
    • FHIR Infrastructure
    • Normative
    • REST (http)

      Make a task to delete the security note ("Experience shows that this is an area where ongoing issues may be expected as security holes are found and closed on an ongoing basis.") about CORS (on http.html) from the security page and move it to the security page

      Also, make the reference to CORS an explicit link to the (section about CORS on) the security page.

    • Grahame Grieve/John Moehrke: 11-0-0
    • Enhancement
    • Non-substantive
    • STU3

      There is a "Note" recommending CORS. This is a security recommendation and should not appear on the http page. Further, the use of CORS is not an appropriate gross security recommendation, as it is only appropriate under very specific conditions. CORS can be very dangerous for the security of a system.

      Please remove CORS recommendation from the http page.

      Note another useful reference for CORS: https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/

            Assignee: Unassigned
            Reporter: John Moehrke