CROSS-ORIGIN RESOURCE SHARING / CORS
defined.

What is Cross-Origin Resource Sharing (CORS)?

Misconfigured CORS is a perpetual source of bugs: reflecting the Origin header and combining with Access-Control-Allow-Credentials: true defeats the same-origin policy and lets attackers read authenticated responses. Allowlist origins explicitly; never use * with credentials.

Related terms.

• Cross-Site Request Forgery (CSRF)
• Cross-Site Scripting (XSS)
• Content Security Policy (CSP)
• Clickjacking

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.