https://bugzilla.redhat.com/show_bug.cgi?id=1579611
--- Comment #22 from Doran Moppert <dmoppert(a)redhat.com> ---
Mitigation:
When using the CORS filter, it is recommended to configure it explicitly for
your environment. In particular, the combination of `cors.allowed.origins = *`
and `cors.support.credentials = True` should be avoided as this can leave your
application vulnerable to cross-site scripting (XSS). For details on
configuring the CORS filter, please refer to
https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
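
An added example, not part of the bug comment or of Tomcat itself: a Python check that reads a web.xml and flags CorsFilter definitions that either use the combination the mitigation warns about or leave one of the two parameters unset. The sample descriptor, the filter names and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CORS_FILTER_CLASS = "org.apache.catalina.filters.CorsFilter"
ORIGINS, CREDS = "cors.allowed.origins", "cors.support.credentials"

# Constructed sample web.xml (not taken from the bug report).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter>
    <filter-name>CorsOpen</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name><param-value>*</param-value></init-param>
    <init-param><param-name>cors.support.credentials</param-name><param-value>True</param-value></init-param>
  </filter>
  <filter>
    <filter-name>CorsPinned</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name><param-value>https://app.example.com</param-value></init-param>
    <init-param><param-name>cors.support.credentials</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter>
    <filter-name>CorsImplicit</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  </filter>
</web-app>"""

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on namespaced tags.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_cors_filters(web_xml):
    """Return (filter-name, finding) pairs for risky or implicit CorsFilter setups."""
    findings = []
    for f in ET.fromstring(web_xml).iter():
        if _local(f.tag) != "filter" or _child_text(f, "filter-class") != CORS_FILTER_CLASS:
            continue
        params = {_child_text(p, "param-name"): _child_text(p, "param-value")
                  for p in f if _local(p.tag) == "init-param"}
        missing = [k for k in (ORIGINS, CREDS) if k not in params]
        origins = [o.strip() for o in (params.get(ORIGINS) or "").split(",")]
        creds = (params.get(CREDS) or "").lower() == "true"
        if "*" in origins and creds:
            findings.append((_child_text(f, "filter-name"), "wildcard-origin-with-credentials"))
        elif missing:  # relies on the filter's defaults instead of explicit values
            findings.append((_child_text(f, "filter-name"), "not-explicit: " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    print(audit_cors_filters(SAMPLE_WEB_XML))
```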