rspec/rules/S5122/recommended.adoc

== Recommended Secure Coding Practices

* The ``++Access-Control-Allow-Origin++`` header should be set only for a trusted origin and for specific resources. 
* Allow only selected, trusted domains in the ``++Access-Control-Allow-Origin++`` header. Prefer whitelisting domains over blacklisting or allowing any domain (do not use * wildcard nor blindly return the ``++Origin++`` header content without any checks).
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`== Recommended Secure Coding Practices`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* The ``++Access-Control-Allow-Origin++`` header should be set only for a trusted origin and for specific resources.
			* Allow only selected, trusted domains in the ``++Access-Control-Allow-Origin++`` header. Prefer whitelisting domains over blacklisting or allowing any domain (do not use * wildcard nor blindly return the ``++Origin++`` header content without any checks).