Cross-Origin Resource Sharing Allowed
Impact: Informational
Description
Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to allow a web application running at one origin to access selected resources from a different origin. However, enabling CORS without a specific need can disclose sensitive information to foreign origins.
Recommendation
Consider removing the Access-Control-Allow-Origin header altogether, or restrict it to specific origins as needed, to minimize the risk of sensitive data exposure.
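An allowlist policy of the kind the recommendation describes, together with the check a scanner applies to a response, as an added example that is not code from the original page; the origins in TRUSTED_ORIGINS are constructed.

```python
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed allowlist: scheme + host, plus the port only when it is non-default.
TRUSTED_ORIGINS = frozenset({"https://app.example.com", "https://admin.example.com:8443"})


def normalize_origin(origin: str) -> Optional[str]:
    """Canonical scheme://host[:port] form of an Origin value, or None if malformed."""
    parts = urlsplit(origin.strip())
    try:
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username:
        return None  # a real Origin header never carries a path or userinfo
    default_port = 443 if parts.scheme == "https" else 80
    suffix = f":{port}" if port and port != default_port else ""
    return f"{parts.scheme}://{parts.hostname.lower()}{suffix}"


def cors_headers(request_origin: Optional[str], with_credentials: bool) -> Dict[str, str]:
    """Response headers to emit; an empty dict means 'send no CORS headers at all'."""
    origin = normalize_origin(request_origin) if request_origin else None
    if origin is None or origin not in TRUSTED_ORIGINS:
        return {}  # unknown origin: omit the header rather than reflect it back
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if with_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def audit_cors(response_headers: Dict[str, str], request_origin: str) -> List[str]:
    """Findings a scanner would raise for the CORS headers of one response."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return []  # header absent: nothing is shared cross-origin
    findings = []
    if acao == "*":
        findings.append("wildcard origin")
    elif acao == "null":
        findings.append("null origin allowed")
    elif acao == request_origin and normalize_origin(acao) not in TRUSTED_ORIGINS:
        findings.append("request Origin reflected")
    acac = response_headers.get("Access-Control-Allow-Credentials", "").lower()
    if findings and acac == "true":
        findings.append("credentials allowed alongside a permissive origin")
    return findings
```

The Vary: Origin header is included so that a cache does not serve a response tailored to one trusted origin to a request from another.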
Last updated on May 13, 2024