Cross-origin resource sharing (CORS)

Contents

0 of 21

What is CORS (cross-origin resource sharing)? 0 of 1

What is CORS (cross-origin resource sharing)? APPRENTICE Get started

Same-origin policy 0 of 1

Same-origin policy APPRENTICE

Relaxation of the same-origin policy 0 of 1

Relaxation of the same-origin policy APPRENTICE

Vulnerabilities arising from CORS configuration issues 0 of 12

Vulnerabilities arising from CORS configuration issues APPRENTICE

Lab: CORS vulnerability with basic origin reflection APPRENTICE

Server-generated ACAO header from client-specified Origin header APPRENTICE

Errors parsing Origin headers APPRENTICE

Errors parsing Origin headers - Continued APPRENTICE

Whitelisted null origin value APPRENTICE

Lab: CORS vulnerability with trusted null origin APPRENTICE

Exploiting XSS via CORS trust relationships APPRENTICE

Exploiting XSS via CORS trust relationships - Continued APPRENTICE

Breaking TLS with poorly configured CORS APPRENTICE

Lab: CORS vulnerability with trusted insecure protocols PRACTITIONER

Intranets and CORS without credentials APPRENTICE

How to prevent CORS-based attacks 0 of 6

How to prevent CORS-based attacks APPRENTICE

Proper configuration of cross-origin requests APPRENTICE

Only allow trusted sites APPRENTICE

Avoid whitelisting null APPRENTICE

Avoid wildcards in internal networks APPRENTICE

CORS is not a substitute for server-side security policies APPRENTICE