CORS Misconfiguration Scanner
Updated Sep 17, 2022 - Python
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be accessed from another domain outside the domain from which the first resource was served. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, fetch() and XMLHttpRequest follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.
fetch() or XMLHttpRequest
@font-face within CSS, so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by websites that are permitted to do so
drawImage()
🎯 Fast CORS misconfiguration vulnerabilities scanner
Cross Origin Resource Sharing (CORS) support for Flask
The last Micro Web Server for IoTs (MicroPython) or large servers (CPython), that supports WebSockets, routes, template engine and with really optimized architecture (mem allocations, async I/Os). Ready for ESP32, STM32 on Pyboard, Pycom's chipsets (WiPy, LoPy,...). Robust, efficient and documented!
Boilerplate API on how to structure big Flask applications (includes SQLAlchemy, Docker, nginx)
A Sanic extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Based on flask-cors by Cory Dolphin.
Combine the power of FastAPI and Django to build a production-ready application capable of utilizing all of the best features of both worlds.
Use Django To Introduce CORS and Same-Origin Policy
Extended Sanic functionality
Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts
DRF Starter Template with drf-yasg, heroku deployment ready config, CORS config
Live for Go hackers (bug bounty)
TikTok Saver is a SaaS (Software as a service) for downloading and saving Tiktok videos with the highest quality and no watermark.
ASGI middleware for applying CORS headers to an ASGI application
Django React Integration with Session Authentication, CORS, CSRF Mechanism & Cookies Handling.
Created by WHATWG, Matt Oshry, Brad Porter, Michael Bodell, Tellme Networks
Released May 2006