
Cross-Domain Misconfiguration

Open channa1 opened this issue 5 years ago • 0 comments

Before you describe your issue, idea or feature, please consider using this issue template.

Type of issue:

  • [ ] Bug / Error
  • [ ] Idea / Feature
  • [x] Improvement detail

Short description on the issue

Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.

Possible fix

Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance). Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.

channa1 avatar May 13 '20 04:05 channa1
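
A sketch of the restrictive "Access-Control-Allow-Origin" handling suggested under "Possible fix", added here as an example; it is not code from this issue or from the project. The origins in `ALLOWED_ORIGINS` are placeholders, and `audit_cors` goes slightly beyond the issue text by checking a response for a wildcard or reflected origin.

```python
# Assumption: origins that legitimately need cross-origin access (placeholders).
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Build CORS response headers from the request's Origin header value.
    Only an exact match against the allow-list is echoed back. Any other
    origin (or a missing one) gets no Access-Control-Allow-Origin header,
    so the browser enforces the Same Origin Policy for that caller.
    """
    # Vary: Origin stops a shared cache from replaying a response that
    # carries one origin's allow header to a different origin.
    headers = {"Vary": "Origin"}
    if origin is not None and origin in allowed:
        headers["Access-Control-Allow-Origin"] = origin
    return headers


def audit_cors(response_headers, probe_origin, allowed=ALLOWED_ORIGINS):
    """Return findings for one response to a request sent with probe_origin."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    findings = []
    if acao is None:
        return findings  # no CORS header: the browser applies SOP as-is
    if acao == "*":
        findings.append("wildcard Access-Control-Allow-Origin")
    elif acao == probe_origin and probe_origin not in allowed:
        findings.append("origin not on the allow-list is reflected")
    elif "origin" not in [v.strip() for v in h.get("vary", "").lower().split(",")]:
        findings.append("per-origin header without Vary: Origin")
    return findings


# Constructed sample responses (not captured from the project's server).
SAMPLES = [
    ("https://other.example.net", {"Access-Control-Allow-Origin": "*"}),
    ("https://other.example.net",
     {"Access-Control-Allow-Origin": "https://other.example.net", "Vary": "Origin"}),
    ("https://app.example.com", cors_headers("https://app.example.com")),
    ("https://other.example.net", cors_headers("https://other.example.net")),
]

if __name__ == "__main__":
    for probe, resp in SAMPLES:
        print(probe, resp, audit_cors(resp, probe))
```

Exact string comparison is deliberate: prefix, suffix or substring matching on the Origin value would let look-alike hostnames through.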