Attachment #389208 for bug #524682

View | Details | Raw Unified | Return to bug 524682
Collapse All | Expand All




# it unless you need it is recommended (it is disabled by default).
#
#http.jsonp.enable: true

# Patched by Gentoo due to CVE-2014-6439, for details please see
# https://bugs.gentoo.org/show_bug.cgi?id=524682
#
# Enable or disable cross-origin resource sharing, i.e. whether a browser
# on another origin can do requests to Elasticsearch (defaults to true).
#
http.cors.enabled: false

# For further http.cors.* settings, please see Elasticsearch documentation at
# http://www.elasticsearch.org/guide/en/elasticsearch/reference/1.3/modules-http.html

Return to bug 524682

Lines 383-385 Link Here

(-)config/elasticsearch.yml (+11 lines)
383	# it unless you need it is recommended (it is disabled by default).	383	# it unless you need it is recommended (it is disabled by default).
384	#	384	#
385	#http.jsonp.enable: true	385	#http.jsonp.enable: true
		386
		387	# Patched by Gentoo due to CVE-2014-6439, for details please see
		388	# https://bugs.gentoo.org/show_bug.cgi?id=524682
		389	#
		390	# Enable or disable cross-origin resource sharing, i.e. whether a browser
		391	# on another origin can do requests to Elasticsearch (defaults to true).
		392	#
		393	http.cors.enabled: false
		394
		395	# For further http.cors.* settings, please see Elasticsearch documentation at
		396	# http://www.elasticsearch.org/guide/en/elasticsearch/reference/1.3/modules-http.html