
Protocol: CORS

Identifier: cors

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

CORS misconfigurations allow unauthorized websites to make cross-origin requests to your API, potentially enabling attackers to perform actions on behalf of authenticated users or access sensitive data.

How we test: We analyze CORS response headers to detect overly permissive configurations such as wildcard origins, credentials allowed together with wildcard origins, or acceptance of the null origin. We send requests with various Origin values to determine whether the application inappropriately allows cross-origin requests from origins it should not trust.
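The classification described above, written out as an added example (not the scanner's own code): one function that takes the Origin value sent with a probe request plus the response headers and returns the misconfiguration classes it reveals. The sample responses are constructed; the probe origin is assumed to be one the application should not trust.

```python
"""Classify CORS response headers into the misconfiguration classes
described above. Added example, not the scanner's own code; header
names are the standard CORS response headers, samples are constructed."""


def cors_findings(probe_origin: str, headers: dict) -> list[str]:
    """Return the misconfiguration classes visible in one response.

    probe_origin is the Origin value sent with the request: an untrusted
    origin chosen by the tester, or the literal string "null".
    headers is the response header map, matched case-insensitively.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if acao is None:
        return findings  # no cross-origin grant: browsers block the read
    if acao == "*":
        findings.append("wildcard_origin")
        if creds:
            # Browsers refuse "*" combined with credentials, but the
            # intent to expose authenticated responses is still flagged.
            findings.append("credentials_with_wildcard")
    elif acao == "null" and probe_origin == "null":
        # "null" is what sandboxed iframes, data: and file: pages send.
        findings.append("null_origin_allowed")
        if creds:
            findings.append("credentials_with_null_origin")
    elif acao == probe_origin:
        # The untrusted probe origin was echoed back verbatim.
        findings.append("origin_reflected")
        if creds:
            findings.append("credentials_with_reflected_origin")
    return findings


# Constructed sample responses covering each check; "strict" is the
# correctly configured case that should produce no finding.
UNTRUSTED = "https://untrusted.example"  # assumed attacker-chosen origin
SAMPLES = {
    "wildcard": (UNTRUSTED, {"Access-Control-Allow-Origin": "*"}),
    "wildcard_creds": (UNTRUSTED, {"Access-Control-Allow-Origin": "*",
                                   "Access-Control-Allow-Credentials": "true"}),
    "null": ("null", {"Access-Control-Allow-Origin": "null",
                      "Access-Control-Allow-Credentials": "true"}),
    "reflected": (UNTRUSTED, {"Access-Control-Allow-Origin": UNTRUSTED,
                              "Access-Control-Allow-Credentials": "true"}),
    "strict": (UNTRUSTED, {"Access-Control-Allow-Origin": "https://app.example"}),
}
```

A scanner would call cors_findings once per probe origin (an untrusted origin, a subdomain variant, and "null") and report any non-empty result; the "strict" sample shows that a fixed, trusted allow-list produces no finding.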


Configuration

Example

Example configuration:

---
security_tests:
  cors:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.