Vulnerabilities arising from Misconfigurations
- Server-generated ACAO header from client-specified Origin header
- Errors parsing Origin headers
- Whitelisted null origin value
- Exploiting XSS via CORS trust relationships
- Breaking TLS with poorly configured CORS
- Intranets and CORS without credentials
- Mitigations