CORS Reflected Origin

Cross Origin Resource Sharing (CORS) is a way to punch hole in the security brought by a browser. If it is not done carefully, it may result into security vulnerabilities. CORS is an HTTP-header that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. Reflecting the value from `Origin` request header in the `Access-Control-Allow-Origin` response header eliminates the protection as an adversary can cross-domain request from any origin.

Remediation

Do no reflect the `Origin` header
Specify a whitelist of domains from which requests are allowed.

Metadata

Severity: informational
Slug: cors-reflected-origin

CWEs

346: Origin Validation Error

OWASP

A01:2021: Broken Access Control

Available Labs

Open Javascript labs in SecDim Play for this vulnerability.

easy

CORS.js

JavaScript Easy Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.