78 lines
1.4 KiB
Plaintext
78 lines
1.4 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
header("Access-Control-Allow-Origin: *"); // Sensitive
|
|
----
|
|
|
|
Laravel
|
|
|
|
----
|
|
response()->header('Access-Control-Allow-Origin', "*"); // Sensitive
|
|
----
|
|
|
|
Symfony
|
|
|
|
----
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
$response = new Response(
|
|
'Content',
|
|
Response::HTTP_OK,
|
|
['Access-Control-Allow-Origin' => '*'] // Sensitive
|
|
);
|
|
$response->headers->set('Access-Control-Allow-Origin', '*'); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,php]
|
|
----
|
|
header("Access-Control-Allow-Origin: $trusteddomain"); // Compliant
|
|
----
|
|
|
|
Laravel
|
|
|
|
[source,php]
|
|
----
|
|
response()->header('Access-Control-Allow-Origin', $trusteddomain); /// Compliant
|
|
----
|
|
|
|
Symfony
|
|
|
|
[source,php]
|
|
----
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
$response = new Response(
|
|
'Content',
|
|
Response::HTTP_OK,
|
|
['Access-Control-Allow-Origin' => $trusteddomain] /// Compliant
|
|
|
|
$response->headers->set('Access-Control-Allow-Origin',$trusteddomain); // Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|