KL-1: core_allowed_origins example config should be empty

2026-04-28 11:49:39 -05:00 · 2025-12-01 12:53:06 -08:00
parent 4de32b08e5
commit c998edaa73
1 changed files with 1 additions and 1 deletions
--- a/config/core.config.toml
+++ b/config/core.config.toml
@@ -333,7 +333,7 @@ auth_rate_limit_window_seconds = 60
 ## Production setups should configure this explicitly.
 ## Env: KOMODO_CORS_ALLOWED_ORIGINS
 ## Default: empty
-cors_allowed_origins = ["*"]
+cors_allowed_origins = []

 ## Tell CORS to allow credentials in requests.
 ## Set true only if needed for authentication proxy.