7 lines
840 B
Plaintext
7 lines
840 B
Plaintext
Having a permissive Cross-Origin Resource Sharing policy is security-sensitive. It has led in the past to the following vulnerabilities:
|
|
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0269[CVE-2018-0269]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14460[CVE-2017-14460]
|
|
|
|
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy[Same origin policy] in browsers prevents, by default and for security-reasons, a javascript frontend to perform a cross-origin HTTP request to a resource that has a different origin (domain, protocol, or port) from its own. The requested target can append additional HTTP headers in response, called https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS[CORS], that act like directives for the browser and change the access control policy / relax the same origin policy.
|