rspec/rules/S5122/ask-yourself.adoc

== Ask Yourself Whether

* You don't trust the origin specified, example:  ``++Access-Control-Allow-Origin: untrustedwebsite.com++``.
* Access control policy is entirely disabled: ``++Access-Control-Allow-Origin: *++`` 
* Your access control policy is dynamically defined by a user-controlled input like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin[``++origin++``] header.

There is a risk if you answered yes to any of those questions.
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`== Ask Yourself Whether`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* You don't trust the origin specified, example: ``++Access-Control-Allow-Origin: untrustedwebsite.com++``.
			* Access control policy is entirely disabled: ``++Access-Control-Allow-Origin: *++``
			* Your access control policy is dynamically defined by a user-controlled input like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin[``++origin++``] header.
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
			`There is a risk if you answered yes to any of those questions.`