Cross-Origin Resource Sharing implemented with universal access

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HyperText Transfer Protocol (HTTP) header. This header will let the browser know that an application is running from one domain (Origin) and has permission to access resources from another origin (Server). This application is using Cross-Origin Resource Sharing in an insecure way. If this header is not properly configured, any website can issue requests made with user credentials and can read the responses to these requests.

Impact

The major impact includes code injection attacks. Code injection is the exploitation of a computer bug which includes processing invalid data.

Mitigation / Precaution

Beagle recommends the following:-

  • Allow only selected, trusted domains in the Access Control Allow Origin header. The server uses access control allow origin header to inform which domains are authorized for the request.

Latest Articles