Property
Language: php
Severity: low
CWE: CWE-346: Origin Validation Error
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The code sets the ‘Access-Control-Allow-Origin’ header to ‘*’, which lets scripts on any website make cross-origin requests to your application’s resources and read the responses. This removes the browser-enforced cross-origin protection for those resources and exposes your API or site to requests from any origin.

Impact

Attackers could exploit this to make unauthorized cross-origin requests, potentially stealing sensitive data or performing actions as logged-in users. This weakens origin-based access controls and increases the risk of data leaks or misuse of your application’s APIs.
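One way to replace the wildcard with an explicit allowlist, shown as an added example that is not part of the original rule page. The origins in `ALLOWED_ORIGINS` and the helper name `corsHeadersFor` are hypothetical; substitute the origins your application actually trusts.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist (assumption): full origins, scheme + host + optional port.
const ALLOWED_ORIGINS = [
    'https://app.example.com',
    'https://admin.example.com',
];

/**
 * Return the CORS response headers for a request's Origin header.
 * An absent or unlisted origin gets no Access-Control-Allow-Origin header,
 * so the browser keeps blocking cross-origin reads for it.
 */
function corsHeadersFor(?string $origin, array $allowed = ALLOWED_ORIGINS): array
{
    // The response now depends on Origin, so shared caches must key on it.
    $headers = ['Vary: Origin'];

    // Exact string comparison only: substring, prefix or loose regex checks
    // would also accept look-alike origins such as https://app.example.com.evil.test.
    if ($origin !== null && in_array($origin, $allowed, true)) {
        $headers[] = 'Access-Control-Allow-Origin: ' . $origin;
    }

    return $headers;
}

// Flagged pattern, kept as a comment for comparison:
// header('Access-Control-Allow-Origin: *');

// Hardened form: echo back the origin only when it is on the allowlist.
foreach (corsHeadersFor($_SERVER['HTTP_ORIGIN'] ?? null) as $line) {
    header($line);
}

// Constructed sample origins, printed only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = ['https://app.example.com', 'https://app.example.com.evil.test', null];
    foreach ($samples as $sample) {
        echo var_export($sample, true), ' => ', implode(' | ', corsHeadersFor($sample)), PHP_EOL;
    }
}
```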