Imperva Cyber Community

How to mitigate CORS?

  • 1.  How to mitigate CORS?

    Posted 17 days ago
    We have a scan report which found we are vulnerable to CORS:
    Access-Control-Allow-Credentials: true
    Any origin is accepted (Blindly reflect the Origin header value in Access-Control-Allow-Origin headers in responses)

    GET /cors/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
    Connection: Keep-alive

    How do I add an Access-Control-Allow-Origin header with only selected, trusted domains with SecureSphere?


    Noam Rotter
    Security Engineer

  • 2.  RE: How to mitigate CORS?

    Community Manager
    Posted 14 days ago
    Hi Noam,

    Thanks so much for posting your question here.

    I have asked some of the product team what they would respond to this one and, as much as I hate to say it, you need to raise it with support as it is quite technical. Sorry that we can't help on this occasion. It would be great to hear an update if you find something interesting that might be useful to the community.

    I look forward to your next post :-)

    Many thanks,

    Sarah Lamont
    Digital Community Manager

  • 3.  RE: How to mitigate CORS?

    Posted 13 days ago
    Hi Sarah,

    Thanks for the update.
    I will continue with support.


    Noam Rotter
    Security Engineer
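
The finding quoted in the first post (Origin reflected into Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true) next to an exact-match allowlist, as an added example that is not from this thread or from Imperva and does not show SecureSphere configuration. The origins, function names and probe values are assumptions constructed for illustration.

```python
# Constructed allowlist: stand-ins for the "selected, trusted domains".
TRUSTED_ORIGINS = frozenset({"https://app.example.com", "https://admin.example.com"})


def reflecting_cors_headers(origin):
    """Behaviour the scan reported: any Origin is echoed back with credentials allowed."""
    if not origin:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def allowlist_cors_headers(origin, trusted=TRUSTED_ORIGINS):
    """Emit CORS headers only when Origin exactly equals a trusted origin."""
    # Vary: Origin is always sent so a shared cache never serves one origin's
    # CORS response to a different origin.
    headers = {"Vary": "Origin"}
    # Exact string comparison: no prefix, suffix or substring matching, so a
    # lookalike such as "https://app.example.com.scanner.invalid" gets nothing.
    if origin in trusted:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def reflects_untrusted_origin(policy, probes):
    """Repeat the scanner's check: return probe origins the policy echoes with credentials."""
    flagged = []
    for origin in probes:
        headers = policy(origin)
        if (headers.get("Access-Control-Allow-Origin") == origin
                and headers.get("Access-Control-Allow-Credentials") == "true"):
            flagged.append(origin)
    return flagged


# Constructed probe origins; neither is in the allowlist.
UNTRUSTED_PROBES = [
    "https://scanner.invalid",
    "https://app.example.com.scanner.invalid",
]

if __name__ == "__main__":
    print("reflecting:", reflects_untrusted_origin(reflecting_cors_headers, UNTRUSTED_PROBES))
    print("allowlist: ", reflects_untrusted_origin(allowlist_cors_headers, UNTRUSTED_PROBES))
```

The same probe list can be replayed against the real endpoint after the fix to confirm the scan finding no longer reproduces.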