CORS

CORS Misconfigurations: When Your Browser Trusts the Wrong Origin

Cross-Origin Resource Sharing protects your API from unauthorized access — unless it's misconfigured. Here are the CORS mistakes we find in almost every audit.