In your tutorial on security, you present a coffeescript example for tuning Browser Policies.
It's published here: http://orionjs.org/tutorials/securing-orion
On te second to last line
origin = "#{protocol}://#{origin}"a variable origin is reused. But this is done in a loop! So the second iteration this will become something like https://http://*.example.com Which is wrong ofcourse...
It would be solved by changing the last 2 line with:
pattern = "#{protocol}://#{origin}"
BrowserPolicy.content.allowOriginForAll pattern
In your tutorial on security, you present a coffeescript example for tuning Browser Policies.
It's published here: http://orionjs.org/tutorials/securing-orion
On te second to last line
a variable origin is reused. But this is done in a loop! So the second iteration this will become something like https://http://*.example.com Which is wrong ofcourse...
It would be solved by changing the last 2 line with: