Avoid unsafe CORS headers このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください 。
このルールを試す ID: csharp-security/unsafe-cors
Language: C#
Severity: Warning
Category: Security
CWE : 346
Description Your CORS policy should never allow all other resources. Instead, you must have a restrictive CORS policy to ensure your application only connects and exchanges data with trusted sources.
Learn More Non-Compliant Code Examples class MyClass {
public static void payloadDecode ()
{
response . Headers . Add ( "Access-Control-Allow-Origin" , "*" );
response . Headers . Add ( HeaderNames . AccessControlAllowOrigin , "*" );
response . AppendHeader ( HeaderNames . AccessControlAllowOrigin , "*" );
}
}
Compliant Code Examples class MyClass {
public static void payloadDecode ()
{
response . Headers . Add ( "Access-Control-Allow-Origin" , "https://domain.tld" );
response . Headers . Add ( HeaderNames . AccessControlAllowOrigin , "https://domain.tld" );
response . AppendHeader ( HeaderNames . AccessControlAllowOrigin , "https://domain.tld" );
}
}
Seamless integrations. Try Datadog Code Analysis