From 382899730be066702e0f7406119e662ba9587ff7 Mon Sep 17 00:00:00 2001
From: jsnjns <joneswvu@protonmail.com>
Date: Mon, 10 Jan 2022 13:04:15 -0500
Subject: [PATCH] Update 'src/main/resources/application.properties'

Added explicit property just to be certain that we don't expose the h2 console to other machines.
---
 src/main/resources/application.properties | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 5c7798e..0a71155 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,7 +1,9 @@
 # ---Comments without preceeding '---' are settings to enable for development
 
 # ---Enable H2 console
-# spring.h2.console.enabled=true
+spring.h2.console.enabled=true
+# ---This defaults to false, but we'll include it considering the latest vulnerability - CVE-2021-42392
+spring.h2.console.settings.web-allow-others=false
 
 # ---Turn Statistics on
 spring.jpa.properties.hibernate.generate_statistics=true