Avoid overly permissive CORS
ID: java-security/permissive-cors
Language: Java
Severity: Warning
Category: Security
Description
Do not set an overly permissive CORS policy. Restrict the hosts (origins) allowed to communicate with your application to prevent potentially malicious requests.
Non-Compliant Code Examples
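class NotCompliant {
    @GET
    @Path("/some/path")
    public Response getRoute() {
        // Wildcard written as a single header string: any origin may read the response
        response.addHeader("Access-Control-Allow-Origin: *");
    }
}

class NotCompliant {
    @GET
    @Path("/some/path")
    public Response getRoute() {
        // Wildcard as the header value: any origin may read the response
        response.addHeader("Access-Control-Allow-Origin", "*");
    }
}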
Compliant Code Examples
class Compliant {
    @GET
    @Path("/some/path")
    public Response getRoute() {
        // A single, explicit origin is allowed
        response.addHeader("Access-Control-Allow-Origin", "https://developer.mozilla.org");
    }
}

class Compliant {
    @GET
    @Path("/some/path")
    public Response getRoute() {
        // Same explicit origin, written as a single header string
        response.addHeader("Access-Control-Allow-Origin: https://developer.mozilla.org");
    }
}
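When more than one origin has to be allowed, the header value can be chosen per request from a fixed allowlist instead of falling back to "*". The following is an added example, not part of the rule or its test cases; the class name CorsAllowlist, the method allowOriginFor and the origin https://app.example.com are hypothetical, and the sample Origin values are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class CorsAllowlist {
    // Assumed allowlist for illustration; the first entry is the origin used on this page.
    private static final Set<String> ALLOWED = Set.of(
            "https://developer.mozilla.org",
            "https://app.example.com");

    /** Returns the Access-Control-Allow-Origin value to send, or empty to send none. */
    static Optional<String> allowOriginFor(String originHeader) {
        if (originHeader == null || originHeader.isBlank()) {
            return Optional.empty();        // no Origin header: not a cross-origin request
        }
        try {
            URI u = new URI(originHeader.trim());
            if (u.getScheme() == null || u.getHost() == null
                    || u.getRawUserInfo() != null
                    || (u.getRawPath() != null && !u.getRawPath().isEmpty())
                    || u.getRawQuery() != null || u.getRawFragment() != null) {
                return Optional.empty();    // not a bare scheme://host[:port] origin
            }
            String origin = u.getScheme().toLowerCase(Locale.ROOT) + "://"
                    + u.getHost().toLowerCase(Locale.ROOT)
                    + (u.getPort() == -1 ? "" : ":" + u.getPort());
            // Exact match only: prefix, suffix or substring tests admit look-alike hosts.
            return ALLOWED.contains(origin) ? Optional.of(origin) : Optional.empty();
        } catch (URISyntaxException e) {
            return Optional.empty();        // malformed Origin value
        }
    }

    public static void main(String[] args) {
        String[] samples = {                // constructed Origin header values
            "https://developer.mozilla.org",
            "HTTPS://Developer.Mozilla.org",
            "https://developer.mozilla.org.other.example",
            "http://developer.mozilla.org",
            "null",
        };
        for (String s : samples) {
            System.out.println(s + " -> " + allowOriginFor(s).orElse("(no CORS header)"));
        }
    }
}
```

Because the header value now depends on the request, the response should also carry "Vary: Origin" so that a shared cache does not serve one origin's response to another.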