Cross-Origin Resource Sharing (CORS) - am I missing something here?

轻奢々 2021-01-31 04:36

I was reading about CORS and I think the implementation is both simple and effective.

However, unless I'm missing something, I think there's a big part missing from th

6 answers
  •  花落未央
    2021-01-31 05:01

    Your worries are completely valid.

    However, more worrisome is the fact that there doesn't need to be any malicious code present for this to be taken advantage of. There are a number of DOM-based cross-site scripting vulnerabilities that allow attackers to take advantage of the issue you described and insert malicious JavaScript into vulnerable webpages. The issue is more than just where data can be sent, but where data can be received from.

    I talk about this in more detail here:

    • http://isisblogs.poly.edu/2011/06/22/cross-origin-resource-inclusion/
    • http://files.meetup.com/2461862/Cross-Origin%20Resource%20Inclusion%20-%20Revision%203.pdf
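
An added example, not part of the answer above or of the linked material: a defensive check on where data is received from. It assumes a hypothetical page that takes a path from `location.hash`, fetches it and shows the response; the names `resolveTrustedUrl`, `loadFragment`, `PAGE` and the `site.example` / `attacker.example` hosts are constructed for illustration.

```javascript
// Added example. Assumed pattern (not from the thread): a page reads a path
// from location.hash, fetches it, and displays the response.

// Resolve a hash-derived value against the page URL. Return the absolute URL
// only if it stays on the page's own origin or an explicitly allowed one.
function resolveTrustedUrl(hash, pageUrl, allowedOrigins) {
  const raw = hash.replace(/^#!?/, "");
  if (raw === "") return null;
  let target;
  try {
    // The URL parser applies the same rules the browser uses for fetch(),
    // so "//host/x" and "\\host\x" resolve to the host they would really hit.
    target = new URL(raw, pageUrl);
  } catch (e) {
    return null;
  }
  // Non-network schemes (javascript:, data:, file:) all report origin "null".
  if (target.protocol !== "https:" && target.protocol !== "http:") return null;
  const allowed = new Set([new URL(pageUrl).origin, ...allowedOrigins]);
  return allowed.has(target.origin) ? target.href : null;
}

// Browser-side loader: fetch only vetted URLs and insert the response as
// text, so markup in the response is never parsed as HTML.
async function loadFragment(hash, pageUrl, container, fetchImpl = fetch) {
  const url = resolveTrustedUrl(hash, pageUrl, []);
  if (url === null) return false;
  const res = await fetchImpl(url, { credentials: "same-origin" });
  if (!res.ok) return false;
  container.textContent = await res.text();
  return true;
}

// Constructed sample inputs.
const PAGE = "https://site.example/app/index.html";
const SAMPLES = [
  "#!pages/about.html",               // same origin, relative path
  "#//attacker.example/p.html",       // scheme-relative URL
  "#https://attacker.example/p.html", // absolute cross-origin URL
  "#\\\\attacker.example\\p.html",    // backslashes parsed as slashes
  "#javascript:alert(1)",             // non-network scheme
];

function classifySamples() {
  return SAMPLES.map((h) => resolveTrustedUrl(h, PAGE, []));
}
```

Only the first sample resolves to a URL; the other four are rejected before any request is made.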
