ajinabraham.njsscan.header_cors_star.generic_cors

ajinabraham

Author

1,129

Download Count*

GPLv3

License

Access-Control-Allow-Origin response header is set to "*". This will disable CORS Same Origin Policy restrictions.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: generic_cors
    patterns:
      - pattern: |
          $APP.options('*', cors(...))
    message: Access-Control-Allow-Origin response header is set to "*". This will
      disable CORS Same Origin Policy restrictions.
    languages:
      - javascript
    severity: WARNING
    metadata:
      owasp-web: a6
      cwe: cwe-346
      license: LGPL-3.0-or-later

Short Link: https://sg.run/Q5Xd