So we are postponing the advisory in order to find a better workaround.
The ideal would be to find a backport-able fix. But in the case this is not feasible, maybe we could come up with a better than nothing interim solution like an option to make sure origin scheme is https ?
So we are postponing the advisory in order to find a better workaround.
The ideal would be to find a backport-able fix. But in the case this is not feasible, maybe we could come up with a better than nothing interim solution like an option to make sure origin scheme is https ?