rspec/rules/S5122/recommended.adoc

== Recommended Secure Coding Practices
* The ``Access-Control-Allow-Origin`` header should be set only for a trusted origin and for specific resources.
* Allow only selected, trusted domains in the ``Access-Control-Allow-Origin`` header. Prefer whitelisting domains over blacklisting or allowing any domain: do not use the ``*`` wildcard, and do not blindly return the ``Origin`` header content without checking it.
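As an added example (not part of the rspec rule text or SonarSource's code), the following Python shows both bullets in code: the non-compliant pattern that echoes ``Origin`` back, beside an exact-match allow-list check that emits the header for one trusted origin only. The allow-list contents and the plain-dict shape of the request and response headers are constructed assumptions.

```python
"""CORS origin allow-list check (added example, not the rspec rule's own code).

Assumes request headers arrive as a plain dict keyed "Origin" and that the
returned dict is merged into the HTTP response; ALLOWED_ORIGINS is constructed."""
from typing import Optional
from urllib.parse import urlsplit

# Constructed allow-list: exact origins (scheme + host [+ non-default port]).
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com:8443",
})


def normalize_origin(origin: str) -> Optional[str]:
    """Return 'scheme://host[:port]' as a browser serializes it, or None when
    the value is not a bare origin (no host, has path/query/userinfo, or an
    unparsable port). Default ports are dropped; hostname is lower-cased."""
    parts = urlsplit(origin)
    try:
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return None
    if port in (None, {"http": 80, "https": 443}[parts.scheme]):
        return f"{parts.scheme}://{parts.hostname}"
    return f"{parts.scheme}://{parts.hostname}:{port}"


def permissive_cors_headers(request_headers: dict) -> dict:
    """Non-compliant pattern the rule warns against: echo any Origin back."""
    return {"Access-Control-Allow-Origin": request_headers.get("Origin", "*")}


def cors_headers(request_headers: dict) -> dict:
    """Compliant: grant access only to an origin that exactly matches the list."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}  # same-origin or non-browser client: no CORS headers needed
    canonical = normalize_origin(origin)
    if canonical not in ALLOWED_ORIGINS:
        return {}  # untrusted: omit the header and the browser blocks the read
    return {
        "Access-Control-Allow-Origin": canonical,  # one trusted origin, never '*'
        "Vary": "Origin",  # response depends on Origin; keep shared caches correct
    }
```

Exact matching on the normalized origin is what rejects a look-alike such as ``https://app.example.com.other.example``, which a prefix or substring comparison would accept.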