ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5122/php/rule.adoc
Arseniy Zaostrovnykh 716b335a56 Enable forced linebreaks in quotes; escape -- in url
2021-02-02 16:54:43 +01:00

58 lines
1.0 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
header("Access-Control-Allow-Origin: *"); // Sensitive
----
Laravel
----
response()->header('Access-Control-Allow-Origin', "*"); // Sensitive
----
Symfony
----
use Symfony\Component\HttpFoundation\Response;
$response = new Response(
'Content',
Response::HTTP_OK,
['Access-Control-Allow-Origin' => '*'] // Sensitive
);
$response->headers->set('Access-Control-Allow-Origin', '*'); // Sensitive
----
== Compliant Solution
----
header("Access-Control-Allow-Origin: $trusteddomain"); // Compliant
----
Laravel
----
response()->header('Access-Control-Allow-Origin', $trusteddomain); /// Compliant
----
Symfony
----
use Symfony\Component\HttpFoundation\Response;
$response = new Response(
'Content',
Response::HTTP_OK,
['Access-Control-Allow-Origin' => $trusteddomain] /// Compliant
$response->headers->set('Access-Control-Allow-Origin',$trusteddomain); // Compliant
----
include::../see.adoc[]
Reference in New Issue View Git Blame Copy Permalink