API: Configure CORS
API7:2019 Security Misconfiguration:
-
Configure CORS -
Test your CORS config - https://cors-test.codehappy.dev/
Ref:
- Drupal 8.2: Opt-in CORS support: https://www.drupal.org/node/2715637
- OWASP: WSTG-CLNT-07: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/07-Testing_Cross_Origin_Resource_Sharing
- More info: https://portswigger.net/web-security/cors
Edited by Janna