- CORS: arbitrary origin trusted
- CORS: all subdomains trusted
- CORS: unencrypted origin trusted
There are many subtleties with CORS configuration that are not widely understood but can lead to catastrophic vulnerabilities, as described in today's blog post. This update puts all of the knowledge from this research into Burp so that it can accurately report all of the different problems that can arise with CORS.