symfony-boilerplate
Fix - CORS allowing undesired origins
Regex mode allowed undesired domains to perform cross-origin requests, by simply satisfying the regex corresponding to the authorized origin.
For instance, if the authorized origin (i.e. the web app) was https://my.website.com, cross-origin requests could be sent from https://my.website.com.mischievo.us, or even https://myawebsite.com.
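The behaviour described above, reproduced as an added example (not code from this repository): the authorized origin is used directly as a regex, next to two stricter checks. The function names are hypothetical, and the two hardened variants are assumptions about how such a check can be tightened, not a description of the actual fix.

```php
<?php
declare(strict_types=1);

// The authorized origin named in the description above.
const AUTHORIZED_ORIGIN = 'https://my.website.com';

/** Weak check (hypothetical helper): the configured origin is used as-is as a regex. */
function originAllowedByRawRegex(string $pattern, string $origin): bool
{
    // '.' matches any character, and nothing anchors the match to the end
    // of the Origin value, so lookalikes and longer hostnames pass.
    return preg_match('#' . $pattern . '#', $origin) === 1;
}

/** Hardened check: strict string comparison against an allow-list. */
function originAllowedExact(array $allowed, string $origin): bool
{
    return in_array($origin, $allowed, true);
}

/** Hardened regex: the literal origin is quoted and anchored at both ends. */
function originAllowedByAnchoredRegex(string $literalOrigin, string $origin): bool
{
    $pattern = '#\A' . preg_quote($literalOrigin, '#') . '\z#';
    return preg_match($pattern, $origin) === 1;
}

// Origin header values taken from the description above.
$candidates = [
    'https://my.website.com',
    'https://my.website.com.mischievo.us',
    'https://myawebsite.com',
];

foreach ($candidates as $origin) {
    printf(
        "%-38s raw=%-5s exact=%-5s anchored=%s\n",
        $origin,
        var_export(originAllowedByRawRegex(AUTHORIZED_ORIGIN, $origin), true),
        var_export(originAllowedExact([AUTHORIZED_ORIGIN], $origin), true),
        var_export(originAllowedByAnchoredRegex(AUTHORIZED_ORIGIN, $origin), true)
    );
}
```

Only the raw-regex check accepts all three values; the exact and anchored checks accept the authorized origin alone.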