Change Config on CORS Policy

sbradthompson — Fri, 15 Sep 2023 15:19:16 GMT

I have been asked by my IT security team to :

You should disallow access to CORS requests with the “Origin: null” header especially in the case of credentialed requests.

They say it's an easy fix, anyone have any insight to help here?

Re: Change Config on CORS Policy

Jaycee_Lewis — Tue, 19 Sep 2023 15:44:00 GMT

Hi, @sbradthompson 👋 It's not possible to give a specific answer without more details.

Here are a few questions to help clarify things:

What backend framework or server are you using? (Express.js, Flask, etc)
How is your CORS currently set up? Are you using a specific library or middleware to handle CORS?
Are these requests part of an app? If so, where is your application hosted?
Do you know the circumstances under which you're receiving requests with “Origin: null”? Understanding the context helps our community give you targeted advice

Thanks for the additional details! — Jaycee