Client Side Vulnerabilities / Cross-Origin Resource Sharing
Description
Cross-origin resource sharing (CORS) is a browser mechanism that relaxes the same-origin policy; a CORS vulnerability arises when it is configured so that a malicious website is allowed to read resources from a different domain. It is classified as a client-side vulnerability because it is the client's browser that enforces the access decision, based on the headers the server returns. CORS is classified as CWE-918 in the CWE directory. According to the OWASP Testing Guide, a permissive CORS configuration is a security risk because it can allow attackers to access sensitive APIs, such as those that return user credentials or other sensitive information.
Risk
The risk associated with a permissive CORS configuration is that it lets an attacker's site read responses from sensitive APIs that would otherwise be inaccessible to it. An attacker can use this to obtain a user's credentials or session data, which can then be used to take over accounts or perform malicious actions on the user's behalf. In effect, a misconfigured CORS policy bypasses the same-origin policy, the browser security measure that limits a website's ability to read resources from other domains.
Solution
To mitigate the risk associated with CORS, web developers should configure their applications to only allow cross-origin reads from trusted domains. This is done by setting the Access-Control-Allow-Origin header to an explicit, trusted origin, which tells the browser which origins are permitted to read the response; the value should come from a fixed allow-list rather than being copied from the incoming request. Additionally, developers should use HTTPS when sending requests, as this ensures that requests and responses cannot be intercepted or modified in transit.
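The allow-list approach described above, as an added example that is not part of the original page: a reflect-the-Origin handler (the weak pattern) beside an allow-list handler, plus a small model of the browser's check for a credentialed request. The origin names are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed allow-list of trusted origins (scheme + host), assumed for this example.
TRUSTED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def insecure_cors_headers(origin):
    """Weak pattern: reflect whatever Origin the request carried and also allow
    credentials. Any site the user visits can then read authenticated responses."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def secure_cors_headers(origin, trusted=TRUSTED_ORIGINS):
    """Hardened pattern: exact, case-normalised match of the whole origin against
    an allow-list. Untrusted origins get no CORS headers, so the browser blocks
    the cross-origin read. Suffix matching (e.g. endswith("example.com")) is
    deliberately avoided because it would also match attacker-controlled hosts."""
    if origin is None:
        return {}
    parts = urlsplit(origin)
    # An Origin header is scheme://host[:port] only; reject "null", plain http and
    # anything carrying a path, query or fragment.
    if parts.scheme != "https" or not parts.netloc or parts.path or parts.query or parts.fragment:
        return {}
    normalised = f"{parts.scheme}://{parts.netloc.lower()}"
    if normalised not in trusted:
        return {}
    return {"Access-Control-Allow-Origin": normalised,
            "Access-Control-Allow-Credentials": "true",
            # Vary: Origin stops a shared cache serving one origin's headers to another.
            "Vary": "Origin"}


def browser_allows_credentialed_read(headers, requesting_origin):
    """Models the browser's decision for a request sent with cookies: the response is
    readable only if ACAO exactly equals the requesting origin (a wildcard is rejected
    for credentialed requests) and credentials are explicitly allowed."""
    acao = headers.get("Access-Control-Allow-Origin")
    return (acao is not None and acao != "*" and acao == requesting_origin
            and headers.get("Access-Control-Allow-Credentials") == "true")
```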