Description
We currently use the jsonp technique to bypass CORS check. This practice has many security concerns (see discussions on MESOS-5911) so we should replace it with a better alternative.
Attachments
Attachments
Issue Links
- is related to
-
MESOS-5911 Webui redirection to leader in browser does not work
- Resolved
-
MESOS-3796 Mesos Master and Agent http api should support configurable CORS headers
- Open
- relates to
-
MESOS-7826 XSS in JSONP parameter
- Accepted