```java
// Fragment of CommentsController.java as shown on the page (lines 27 to 37 at
// commit b790dcd); the enclosing class header and the rest of CommentRequest
// are not part of the excerpt.
    }

    // Wildcard origin flagged by Veracode as CWE-942: any site may issue
    // cross-origin requests to this DELETE endpoint.
    @CrossOrigin(origins = "*")
    @RequestMapping(value = "/comments/{id}", method = RequestMethod.DELETE, produces = "application/json")
    Boolean deleteComment(@RequestHeader(value = "x-auth-token") String token, @PathVariable("id") String id) {
        // The x-auth-token header is bound to `token` but not used in this method body.
        return Comment.delete(id);
    }
}

class CommentRequest implements Serializable {
    public String username;
```
Filename: CommentsController.java
Line: 32
CWE: 942 (Permissive Cross-domain Policy with Untrusted Domains ('Authorization Issues'))

Cross-origin resource sharing (CORS) is a mechanism implemented by modern browsers to relax the same-origin policy so that legitimate sites with different origins can interact with each other. Spring provides this support via the @CrossOrigin annotation. Not restricting access to a web resource (@CrossOrigin(origins = "*")) allows any origin, including pages an attacker controls, to make cross-origin requests to it. An application should always check that the origin of a request is a trusted source before serving it. Restrict the allowed origins that can access this resource.

References: CWE; CORS support in Spring Framework; REST Security Cheat Sheet at OWASP
Source: vulnado/src/main/java/com/scalesec/vulnado/CommentsController.java, lines 27 to 37 at commit b790dcd