← Cybersecurity Alphabet Soup

CORS

Cross-Origin Resource Sharing

appseceasy

CORS is a browser mechanism that lets a server declare which other websites may read its responses, relaxing the same-origin policy in a controlled way. Developers configure it with response headers like Access-Control-Allow-Origin during implementation. Misconfigured CORS, such as reflecting any origin with credentials allowed, can let malicious sites read sensitive data from a victim's session.

Sources

More in appsec