Modify rule S5122: Update code snippets about user-controlled origin (#…
yassin-kammoun-sonarsource authored Jun 5, 2024
1 parent 70bdb31 commit a5c028a
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions rules/S5122/javascript/rule.adoc
Expand Up @@ -40,7 +40,7 @@ User-controlled origin:
[source,javascript]
----
function (req, res) {
const origin = req.header('Origin');
const origin = req.headers.origin;
res.setHeader('Access-Control-Allow-Origin', origin); // Sensitive
};
----
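Review bot: The two `const origin = ...` lines in this example read the header through different APIs, `req.header('Origin')` (an Express request method) and `req.headers.origin` (the plain Node.js headers object), and nothing in the snippet says which kind of request `req` is. Suggest naming the framework in the sentence that introduces the example so it can be copied into the right kind of handler. Separately, `function (req, res) { ... };` does not parse as a standalone statement because the function has no name; giving it one would make the snippet valid as written.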
Expand Down Expand Up @@ -78,9 +78,9 @@ User-controlled origin validated with an allow-list:
[source,javascript]
----
function (req, res) {
const origin = req.header('Origin');
const origin = req.headers.origin;
if (trustedOrigins.indexOf(origin) >= 0) {
if (origin === 'trustedwebsite.com') {
res.setHeader('Access-Control-Allow-Origin', origin);
}
};
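Review bot: The `if (origin === 'trustedwebsite.com')` line can never match a browser-sent header, because an Origin value is a serialized origin that includes the scheme (for example `https://trustedwebsite.com`) or the literal `null`, so the allow-list example would silently send no CORS header at all. The allow-list entries should be full origins, and if the `trustedOrigins.indexOf(origin) >= 0` form is the one kept, `trustedOrigins` needs a visible declaration in the snippet. Since the response varies with the request's origin, the example would also benefit from setting `Vary: Origin` next to `Access-Control-Allow-Origin`.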