coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update cors-bypass.md

Browse Source
This commit is contained in:
GO 2022-07-19 14:56:22 +01:00 committed by GitHub
parent 45b9566643
commit 95753e3997
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pentesting-web/cors-bypass.md
View File

@ -20,7 +20,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
The CORS (Cross-origin resource sharing) standard is needed because it **allows servers to specify who can access its assets** and which **HTTP request methods are allowed** from external resources. The CORS (Cross-origin resource sharing) standard is needed because it **allows servers to specify who can access its assets** and which **HTTP request methods are allowed** from external resources.
In a **same-origin** policy, is needed that both the **server requesting** a resource and the server where the **resource** is located uses the same protocol ([http://),domain](http://\),domain) name (internal-web.com) and the same **port** (80). Then, if the server forces the same-origin policy, only web pages from the same domain and port will be able to access the resources. A **same-origin** policy, requiers that both the **server requesting** a resource and the server where the **resource** is located uses the same protocol ([http://),domain](http://\),domain) name (internal-web.com) and the same **port** (80). Then, if the server forces the same-origin policy, only web pages from the same domain and port will be able to access the resources.
The following table shows how the same-origin policy will be applied in `http://normal-website.com/example/example.html` : The following table shows how the same-origin policy will be applied in `http://normal-website.com/example/example.html` :