
Cross-Domain Misconfiguration on Stackle App

Open thishnika opened this issue 4 years ago • 0 comments

Fixes CWE-264, CWE-269, CWE-269 & WASC-14 vulnerabilities on Stackle-app

Changes proposed in the pull request

Configure the "Access-Control-Allow-Origin" HTTP response header to a more restrictive set of domains, instead of the wildcard (*)

Impact

Allows web browsers to enforce the Same Origin Policy (SOP) in a more restrictive manner

Other information

References

  1. http://www.hpenterprisesecurity.com/vulncat/en/vulncat/vb/html5_overly_permissive_cors_policy.html
  2. https://www.packetlabs.net/cross-origin-resource-sharing-cors/

thishnika, May 29 '21 01:05
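The change the PR proposes, restricting `Access-Control-Allow-Origin` to an explicit set of origins, is shown below as an added example. It is not Stackle's own code: the allowlist, the `restrictiveCorsHeaders` / `permissiveCorsHeaders` function names and the sample origins are constructed for illustration. The hardened version uses an exact match on the full Origin value, which avoids the two common mistakes when replacing the wildcard (reflecting any Origin unchecked, or matching on a domain suffix), and emits no CORS headers at all for unknown or `null` origins so the browser falls back to the Same Origin Policy.

```javascript
// Added example (not Stackle's own code). Allowlist and sample origins are
// constructed for illustration; replace them with the app's real front-end origins.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Weak setting the issue reports: every origin may read the response.
function permissiveCorsHeaders() {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Hardened setting: exact, case-sensitive match of the whole Origin value
// (scheme + host + port) against the allowlist.
//   - origin.endsWith('example.com') or a regex without anchors would also
//     accept "https://app.example.com.attacker.net"; a Set lookup cannot.
//   - "http://app.example.com" is a different origin from the https one and
//     is correctly rejected.
//   - Echoing req.headers.origin without the check is worse than "*" once
//     Access-Control-Allow-Credentials is added, so the echo only happens
//     after a successful lookup.
function restrictiveCorsHeaders(origin, allowed = ALLOWED_ORIGINS) {
  if (typeof origin !== 'string' || !allowed.has(origin)) {
    // Missing, unknown or literal "null" Origin (sandboxed iframes, file://):
    // send no CORS headers, so the browser enforces the Same Origin Policy.
    return {};
  }
  return {
    // A single, verified origin rather than the wildcard.
    'Access-Control-Allow-Origin': origin,
    // The response now varies per Origin; tell shared caches to key on it.
    'Vary': 'Origin',
  };
}

// Wiring for a Node http/Express-style handler: set the computed headers and
// answer preflights. Returns true when the request was a preflight and has
// already been answered.
function applyCors(req, res) {
  const headers = restrictiveCorsHeaders(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  if (req.method === 'OPTIONS') {
    if (headers['Access-Control-Allow-Origin']) {
      res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
      res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
    }
    res.statusCode = 204;
    res.end();
    return true;
  }
  return false;
}

module.exports = { ALLOWED_ORIGINS, permissiveCorsHeaders, restrictiveCorsHeaders, applyCors };
```

Call `applyCors(req, res)` at the top of each request handler (or as the first Express middleware) and return early when it reports a preflight. If the app later needs cookies or `Authorization` headers cross-origin, `Access-Control-Allow-Credentials: true` may only be added on the allowlisted branch, never alongside a wildcard or an unchecked reflection.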