Cross-Origin Resource Sharing implemented with universal access

OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-942 WASC-14 WSTG-CLNT-07

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HyperText Transfer Protocol (HTTP) header. This header will let the browser know that an application is running from one domain (Origin) and has permission to access resources from another origin (Server). This application is using Cross-Origin Resource Sharing in an insecure way. If this header is not properly configured, any website can issue requests made with user credentials and can read the responses to these requests.


The major impact includes code injection attacks. Code injection is the exploitation of a computer bug which includes processing invalid data.

Mitigation / Precaution

Beagle recommends the following:-

  • Allow only selected, trusted domains in the Access Control Allow Origin header. The server uses access control allow origin header to inform which domains are authorized for the request.

Latest Articles