8 lines
457 B
Plaintext
8 lines
457 B
Plaintext
== Ask Yourself Whether
|
|
|
|
* You don't trust the origin specified, example: ``++Access-Control-Allow-Origin: untrustedwebsite.com++``.
|
|
* Access control policy is entirely disabled: ``++Access-Control-Allow-Origin: *++``
|
|
* Your access control policy is dynamically defined by a user-controlled input like https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin[``++origin++``] header.
|
|
|
|
There is a risk if you answered yes to any of those questions.
|