Fortinet white logo
Fortinet white logo

Handbook

CORS Protection

CORS Protection

Cross-Origin Resource Sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain The CORS standard works by adding new HTTP headers that allow servers to describe which origins are permitted to read that information from a web browser. It extends and adds flexibility to the same-origin policy so that websites would not be restricted to accessing resources from the same origin.

However, in the process of enabling information sharing between sites, the significance of CORS configuration may be overlooked and allow for vulnerabilities. One such example is the Cross-Origin Request Site, an OWASP TOP10 Security Misconfiguration vulnerability.

To protect your applications against CORS vulnerabilities, use the CORS Protection feature to ensure that only legitimate CORS requests from allowed web applications can reach your application.

The Web Application Firewall > CORS Protection sub-menu includes the following:

CORS Protection

CORS Protection

Cross-Origin Resource Sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain The CORS standard works by adding new HTTP headers that allow servers to describe which origins are permitted to read that information from a web browser. It extends and adds flexibility to the same-origin policy so that websites would not be restricted to accessing resources from the same origin.

However, in the process of enabling information sharing between sites, the significance of CORS configuration may be overlooked and allow for vulnerabilities. One such example is the Cross-Origin Request Site, an OWASP TOP10 Security Misconfiguration vulnerability.

To protect your applications against CORS vulnerabilities, use the CORS Protection feature to ensure that only legitimate CORS requests from allowed web applications can reach your application.

The Web Application Firewall > CORS Protection sub-menu includes the following: