ajinabraham.njsscan.headers.header_cors_star.generic_cors

profile photo of ajinabrahamajinabraham
Author
unknown
Download Count*
License

Access-Control-Allow-Origin response header is set to "*". This will disable CORS Same Origin Policy restrictions.

Run Locally

Run in CI

Defintion

rules:
  - id: generic_cors
    patterns:
      - pattern: |
          $APP.options('*', cors(...))
    message: Access-Control-Allow-Origin response header is set to "*". This will
      disable CORS Same Origin Policy restrictions.
    languages:
      - javascript
    severity: WARNING
    metadata:
      owasp-web: a6
      cwe: cwe-346
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other