Client Side Vulnerabilities / Cross-Origin Resource Sharing: Unencrypted Origin Trusted
Description
A Cross-Origin Resource Sharing (CORS) policy controls whether, and how, content running on other origins can interact with the origin that publishes the policy. An origin is the combination of scheme, host and port, so http://app.example and https://app.example are distinct origins. The policy is granular: it is expressed through response headers (chiefly Access-Control-Allow-Origin and Access-Control-Allow-Credentials) and can apply per-request access controls based on the requesting origin, the URL and other characteristics of the request.
Risk
If a site allows interaction from an origin that uses unencrypted HTTP, then it is vulnerable to any attacker who is in a position to view and modify a user's unencrypted network traffic (for example on a shared wireless network or an intercepting proxy). Such an attacker can control the responses served from the unencrypted origin and inject script into them; because the browser treats that script as belonging to the trusted origin, it can make cross-origin requests to the application that publishes the policy and read the responses. If the policy also sets Access-Control-Allow-Credentials: true, those requests carry the victim's cookies, so the attacker obtains data in the context of the victim's authenticated session. The application is therefore effectively extending trust to every such network attacker, undoing much of the benefit of serving itself over HTTPS.
Solution
Any inappropriate origins should be removed from the CORS policy; in particular, no origin with the http:// scheme should be trusted. Instead of using a wildcard, or reflecting the supplied Origin header after a partial check (such as matching the hostname alone), it is recommended to maintain an allowlist of trusted origins, compare the full origin (scheme, host and port) against that list exactly, and deny access to all other origins. Where the response varies with the Origin header, a Vary: Origin header should also be sent so that caches do not serve one origin's CORS headers to another.
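The following is an added example written for this page, not code from the original entry or from any particular product. It contrasts the weak check described above (matching only the hostname, so an http:// origin sharing a trusted host is reflected) with a hardened check that requires an exact allowlist match on the full origin and refuses non-https schemes outright. The origin names and the sample Origin header values are constructed for illustration.

```javascript
// Added example: deciding which CORS headers to emit for a given Origin header.
// Constructed allowlist. Every entry names the scheme explicitly, because an
// origin is scheme + host + port and http:// and https:// are different origins.
const TRUSTED_ORIGINS = new Set([
  "https://app.example",
  "https://admin.example:8443",
]);

// Weak policy: compares hostnames only, so any scheme on a trusted host passes.
// A network attacker who can answer for http://app.example gets its Origin
// reflected back, complete with credentials.
function weakCorsHeaders(originHeader) {
  if (!originHeader) return {};
  let host;
  try {
    host = new URL(originHeader).hostname;
  } catch {
    return {}; // not a parseable origin (e.g. "null")
  }
  const trustedHosts = [...TRUSTED_ORIGINS].map((o) => new URL(o).hostname);
  if (trustedHosts.includes(host)) {
    return {
      "Access-Control-Allow-Origin": originHeader, // reflects http:// too
      "Access-Control-Allow-Credentials": "true",
      Vary: "Origin",
    };
  }
  return {};
}

// Hardened policy: exact match of the normalised origin against the allowlist,
// plus an explicit scheme check so an http:// entry added to the list later
// still cannot be trusted.
function hardenedCorsHeaders(originHeader) {
  if (!originHeader) return {};
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return {};
  }
  if (parsed.protocol !== "https:") return {};
  // URL.origin re-serialises scheme://host[:port] and drops default ports, so
  // "https://app.example:443" normalises to "https://app.example".
  const origin = parsed.origin;
  if (!TRUSTED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Constructed Origin header values: same host over both schemes, an untrusted
// host, and the opaque "null" origin that sandboxed frames send.
const SAMPLE_ORIGINS = [
  "https://app.example",
  "http://app.example", // what a network attacker can impersonate
  "https://evil.example",
  "null",
];

for (const o of SAMPLE_ORIGINS) {
  const weak = weakCorsHeaders(o)["Access-Control-Allow-Origin"] ?? "(denied)";
  const hard = hardenedCorsHeaders(o)["Access-Control-Allow-Origin"] ?? "(denied)";
  console.log(`${o.padEnd(22)} weak: ${weak.padEnd(22)} hardened: ${hard}`);
}
```

Run it with `node` and compare the two columns: only the weak policy grants http://app.example access. In a real deployment the hardened function would be called from the response path for both preflight and actual requests, and its result merged into the response headers.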