Nowadays, many web application architectures need to interact with subdomains or third-party sites in a way that requires full cross-origin access. A controlled relaxation of the same-origin policy (SOP) is possible using cross-origin resource sharing (CORS): the server states, in the Access-Control-Allow-Origin response header, which origins may read its responses. The relaxation is only as controlled as the check that produces that header.
For example, suppose a page served from the origin https://gingsoft.com causes the browser to send the following cross-origin request to another site:

```http
GET /data HTTP/1.1
Origin: https://gingsoft.com
```

and the server replies with:

```http
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://gingsoft.com
```

The browser will allow the script running on gingsoft.com to read the response because the value of Access-Control-Allow-Origin matches the requesting origin. Without that header (or with a non-matching value) the request is still sent, but the browser withholds the response from the script.
Problems arise when the server decides which origins to trust with a loose string comparison instead of an exact match. For example, suppose an application grants access to every origin whose hostname ends with the trusted domain name. An attacker might be able to gain access by registering a domain whose name happens to end in that same string, since a suffix check cannot tell the trusted name apart from a longer, unrelated name that shares its ending.

Alternatively, suppose an application grants access to every origin whose hostname begins with the trusted domain name. An attacker might be able to gain access by creating a subdomain under an attacker-controlled domain whose full name starts with the trusted name, which a prefix check accepts just as readily as the real site.
- Only allow trusted sites: compare the request's Origin value against an explicit list of exact origins (scheme, host and port), and never derive Access-Control-Allow-Origin from prefix, suffix or regular-expression matching on the hostname.
- Avoid whitelisting the null origin, and do not reflect the Origin header back into Access-Control-Allow-Origin without validating it; a reflected origin combined with Access-Control-Allow-Credentials: true hands any site the user's authenticated responses.
- Avoid using wildcards in internal networks. Trusting network configuration alone to protect internal resources is not sufficient when internal browsers can access untrusted external domains.
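The following Node.js code is an added example, not code from the original page: it places the two loose origin checks described above (suffix and prefix matching) beside an exact-match allowlist, and builds the CORS response headers from whichever check is chosen, so the difference between the weak and hardened behaviour can be observed directly. Only gingsoft.com comes from the page; the attacker-style domain names and the probe list are constructed for illustration.

```javascript
// Added example (not from the original page): deciding whether a request's
// Origin header may be echoed into Access-Control-Allow-Origin.
// All domain names other than gingsoft.com are constructed for illustration.

const TRUSTED_ORIGIN = "https://gingsoft.com";

// Weak check 1: "any origin ending in the trusted name".
// A registrable domain that merely ends with the same characters passes.
function allowIfEndsWith(origin) {
  return origin.endsWith("gingsoft.com");
}

// Weak check 2: "any origin beginning with the trusted name".
// A subdomain of an attacker-controlled domain that starts with the trusted
// name passes.
function allowIfStartsWith(origin) {
  return origin.startsWith(TRUSTED_ORIGIN);
}

// Hardened check: parse the Origin value and compare the normalised
// scheme+host+port against an explicit allowlist. The literal "null" origin
// (sandboxed iframes, local files) and unparsable values are rejected.
const ALLOWED_ORIGINS = new Set([TRUSTED_ORIGIN]);

function allowIfExactMatch(origin) {
  if (typeof origin !== "string" || origin === "null") return false;
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return false;
  }
  // URL.origin lower-cases the host and drops a default port, so
  // "https://GINGSOFT.com:443" compares equal to "https://gingsoft.com".
  return ALLOWED_ORIGINS.has(parsed.origin);
}

// Build the CORS headers for a response. Returns an empty object when the
// origin is not allowed, so the browser withholds the response from scripts.
// `isAllowed` is a hypothetical parameter used here to swap in each check.
function corsHeadersFor(requestOrigin, isAllowed = allowIfExactMatch) {
  if (!isAllowed(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    // Credentials make a wrong allow decision exploitable: the attacker's
    // page reads the victim's authenticated response.
    "Access-Control-Allow-Credentials": "true",
    // Responses differ per origin; caches must not reuse them across origins.
    Vary: "Origin",
  };
}

// Constructed probe origins: the legitimate site, two attacker-registered
// names shaped to defeat each weak check, and the null origin.
const PROBES = [
  "https://gingsoft.com",
  "https://evilgingsoft.com", // ends with the trusted name
  "https://gingsoft.com.attacker.test", // begins with the trusted name
  "null",
];

// Run one check over every probe and return {origin: allowed?}.
function evaluate(check) {
  return Object.fromEntries(PROBES.map((o) => [o, check(o)]));
}

for (const check of [allowIfEndsWith, allowIfStartsWith, allowIfExactMatch]) {
  console.log(check.name, evaluate(check));
}
```

Running the block prints, for each check, which probes it accepts: the suffix check admits the attacker domain ending in the trusted name, the prefix check admits the attacker subdomain beginning with it, and only the exact-match check confines access to the real origin. The Vary header matters in practice because a per-origin Access-Control-Allow-Origin value cached without it can be served to a different origin.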