14.5.3 CORS Access-Control-Allow-Origin header uses a strict white-list of trusted domains
Verify that the cross-domain resource sharing (CORS) Access-Control-Allow-Origin header uses a strict white-list of trusted domains to match against and does not support the “null” origin.
| Level 1 | Level 2 | Level 3 |
|---|---|---|
| X | X | X |

| CWE | NIST |
|---|---|
| 346 | |
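
The check this requirement describes, as an added example that is not part of the ASVS text: an exact-match white-list that never reflects the "null" origin, next to a variant that fails the requirement. The origins in `TRUSTED_ORIGINS`, the sample request origins, and both function names are assumptions made for illustration.

```javascript
// Constructed white-list: full serialized origins (scheme + host + optional port).
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Compliant: returns the CORS headers to send for a request's Origin header,
// or an empty object when no CORS headers should be sent.
function corsHeadersFor(originHeader) {
  // A missing Origin, or the opaque "null" origin (sent by sandboxed iframes,
  // file: and data: documents), is never trusted and never reflected.
  if (typeof originHeader !== "string" || originHeader === "null") return {};
  // Exact comparison only: no suffix, prefix, substring or regex matching.
  if (!TRUSTED_ORIGINS.has(originHeader)) return {};
  return {
    "Access-Control-Allow-Origin": originHeader,
    // The response differs per Origin, so shared caches must key on it.
    "Vary": "Origin",
  };
}

// Non-compliant, for comparison: accepts "null" and matches on a suffix,
// so any origin whose name merely ends in the trusted string is reflected.
function weakCorsHeadersFor(originHeader) {
  if (originHeader === "null" ||
      (typeof originHeader === "string" && originHeader.endsWith("example.com"))) {
    return { "Access-Control-Allow-Origin": originHeader };
  }
  return {};
}

// Constructed request origins, run through both checks.
function compare() {
  const samples = ["https://app.example.com", "http://app.example.com",
                   "https://notexample.com", "null"];
  return samples.map((o) => ({
    origin: o,
    strict: "Access-Control-Allow-Origin" in corsHeadersFor(o),
    weak: "Access-Control-Allow-Origin" in weakCorsHeadersFor(o),
  }));
}

console.log(compare());
```

Only the first sample origin is allowed by the strict check; the weak check allows all four.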