We still haven't heard any response, and I'm not convinced Swift needs any code changes as the endpoint is disabled by default. We have updated our documentation to call out the permissiveness of the default policy, highlight that it may not be appropriate for all deployments, and link to CWE-942. I think we can make this public now, and close it as invalid.