While testing a website, I noticed it had a CORS (Cross-Origin Resource Sharing) issue. Basically, the server was allowing any origin by reflecting the Origin header in the response.
I sent a request with:
Origin: https://attacker.com
And the response had:
Access-Control-Allow-Origin: https://attacker.com
This means any attacker-controlled website could make requests to this domain and read the response — which is dangerous if sensitive data is returned.
I reported it and the issue got fixed by using a proper allowlist instead of a wildcard or reflection.
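As an added example (not code from the original post or the site tested), here is the reflecting handler beside the exact-match allowlist fix the post describes, written as plain JavaScript functions so the decision logic can be exercised without a web framework; the allowlist entries are constructed:

```javascript
// Vulnerable pattern: whatever Origin the browser sends is echoed back, so a
// page on any site can issue the request and read the response.
function reflectedCorsHeaders(requestHeaders) {
  const origin = requestHeaders["origin"];
  if (!origin) return {};
  return { "Access-Control-Allow-Origin": origin };
}

// Constructed allowlist for the example: full origins (scheme + host + port),
// never bare hostnames or patterns.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Hardened pattern: the Origin must equal an allowlisted origin exactly.
// Substring/prefix checks are deliberately avoided, because an origin such as
// "https://app.example.com.attacker.com" would pass a startsWith() test.
function allowlistedCorsHeaders(requestHeaders, allowed = ALLOWED_ORIGINS) {
  const origin = requestHeaders["origin"];
  // Same-origin requests and non-browser clients send no Origin header:
  // emit no CORS headers at all rather than a permissive default.
  if (!origin) return {};
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return {}; // malformed or opaque ("null") Origin: deny
  }
  // Rebuild scheme://host[:port] so a path, trailing slash or odd casing
  // cannot slip past the set lookup.
  const normalized = `${parsed.protocol}//${parsed.host}`;
  if (normalized !== origin || !allowed.has(normalized)) return {};
  return {
    "Access-Control-Allow-Origin": normalized,
    // The response now varies per Origin; tell shared caches so.
    "Vary": "Origin",
  };
}
```

With this check the attacker.com request from the post gets no Access-Control-Allow-Origin header at all, while the allowlisted front-end origins still work.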