Nice implementation. I'm new to spray as such somethings may not be clear. Your cors directive seems to allow all origins from all domains.. I'm I correct? Isn't this a security issue?
Perhaps changing the first line in the code to accept an instance of List(AllOrigins) where method can be declared to include a List of concrete implementation of AllOrigins such as SomeOrigins. For improved security.
Then code use can be for instance:
cors(List(domain1.com, domain2.com){
PathPrefix('api'){
get{
.....more code here
}
}
}
Then again maybe I'm wrong could you please comment...
Hi,
Nice implementation. I'm new to spray as such somethings may not be clear. Your cors directive seems to allow all origins from all domains.. I'm I correct? Isn't this a security issue?
Perhaps changing the first line in the code to accept an instance of List(AllOrigins) where method can be declared to include a List of concrete implementation of AllOrigins such as SomeOrigins. For improved security.
Then code use can be for instance:
cors(List(domain1.com, domain2.com){
PathPrefix('api'){
get{
.....more code here
}
}
}
Then again maybe I'm wrong could you please comment...