rspec/rules/S5122/ask-yourself.adoc

== Ask Yourself Whether

* You don't trust the origin specified, example:  ``Access-Control-Allow-Origin: untrustedwebsite.com``.
* Access control policy is entirely disabled: ``Access-Control-Allow-Origin: *`` 
* Your access control policy is dynamically defined by a user-controlled input like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin[``origin``] header.

There is a risk if you answered yes to any of those questions.
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`== Ask Yourself Whether`

change the inline-code delimitters 2020-12-23 14:59:06 +01:00			* You don't trust the origin specified, example: ``Access-Control-Allow-Origin: untrustedwebsite.com``.
			* Access control policy is entirely disabled: ``Access-Control-Allow-Origin: *``
			* Your access control policy is dynamically defined by a user-controlled input like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin[``origin``] header.
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
			`There is a risk if you answered yes to any of those questions.`