Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

Cross-origin resource sharing (CORS)

This learning path provides an in-depth understanding of CORS, including common examples of CORS-based attacks and how to protect against these attacks.

Contents

Get started: What is CORS (cross-origin resource sharing)?

0 of 21

GET STARTED

What is CORS (cross-origin resource sharing)? 0 of 1

What is CORS (cross-origin resource sharing)? Get started

Same-origin policy 0 of 1

Same-origin policy

Relaxation of the same-origin policy 0 of 1

Relaxation of the same-origin policy

Vulnerabilities arising from CORS configuration issues 0 of 12

Vulnerabilities arising from CORS configuration issues

Lab: CORS vulnerability with basic origin reflection APPRENTICE

Server-generated ACAO header from client-specified Origin header

Errors parsing Origin headers

Errors parsing Origin headers - Continued

Whitelisted null origin value

Lab: CORS vulnerability with trusted null origin APPRENTICE

Exploiting XSS via CORS trust relationships

Exploiting XSS via CORS trust relationships - Continued

Breaking TLS with poorly configured CORS

Lab: CORS vulnerability with trusted insecure protocols PRACTITIONER

Intranets and CORS without credentials

How to prevent CORS-based attacks 0 of 6

How to prevent CORS-based attacks

Proper configuration of cross-origin requests

Only allow trusted sites

Avoid whitelisting null

Avoid wildcards in internal networks

CORS is not a substitute for server-side security policies