SOP / CORS

Same-Origin Policy / Cross-Origin Resource Sharing

https://portswigger.net/web-security/cors/same-origin-policy
https://portswigger.net/web-security/cors
https://github.com/RUB-NDS/CORStest

CORS Server

An HTTPS server with CORS header accepting connections from any domain in Flask:

cors.py

from flask import Flask, send_file
from flask_cors import CORS

app = Flask(__name__)
CORS(app)

@app.route('/xss.js', methods=['GET'])
def xss():
    return send_file('./xss.js', download_name='xss.js')

# openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
app.run(host='0.0.0.0', port=443, ssl_context=('cert.pem', 'key.pem'))

Last updated 2 years ago