Description
Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to allow a web application running at one origin to access selected resources from a different origin. However, allowing CORS without specific need can lead to the disclosure of sensitive information to foreign origins.
Recommendation
Consider removing the Access-Control-Allow-Origin header altogether, or restricting it to specific origins as needed, to minimize the risk of sensitive data exposure.
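
One way to restrict the header to specific origins, shown as an added example that is not part of the original advisory: the server compares the request's Origin value against an exact-match allowlist and emits Access-Control-Allow-Origin only on a match. The origins in ALLOWED_ORIGINS and the function names are assumptions chosen for illustration.

```javascript
// Added example: exact-match origin allowlist for Access-Control-Allow-Origin.
// The origins below are constructed placeholders, not values from the advisory.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Return the origin in canonical scheme://host[:port] form, or null if the
// value is missing, opaque ("null"), not HTTPS, or not a bare origin.
function normaliseOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not parseable as a URL
  }
  if (url.protocol !== "https:") return null;
  // A genuine Origin header carries no path, query, fragment or credentials,
  // so the parsed origin must equal the value that was sent.
  if (url.origin !== value) return null;
  return url.origin;
}

// Build the CORS-related response headers for one request.
// Only an exact allowlist hit gets Access-Control-Allow-Origin; substring,
// suffix or wildcard matching is deliberately not used.
function corsHeaders(requestOrigin) {
  // Vary: Origin is always sent so a shared cache cannot replay a response
  // that was generated for one origin to a different origin.
  const headers = { Vary: "Origin" };
  const origin = normaliseOrigin(requestOrigin);
  if (origin !== null && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}
```

A response built this way carries no Access-Control-Allow-Origin header for any origin outside the list, so the browser's same-origin policy keeps the response body unreadable to that origin's scripts.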