Why is this important?
Java mostly adheres to secure defaults, but there are ways to introduce configuration issues.
Check out this video for a high-level explanation:
Fixing Insecure Configuration
Option A: Secure the Cross-Origin Resource Sharing (CORS) policy
- Go through the issues that GuardRails identified in the PR.
- Remove the code that has this pattern:
- Follow the best practices as described here:

```java
// Replace <your trusted domain> with your actual domain:
// eg. https://guardrails.io
response.addHeader("Access-Control-Allow-Origin", "<your trusted domain>");
```
- Test it
- Ship it 🚢 and relax 🌴
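The snippet above hard-codes one trusted origin. Where several origins must be allowed, the safe pattern is an exact-match allowlist that echoes back only a recognised Origin and sends no CORS headers otherwise. The class below is an added example, not GuardRails or project code; the origins in TRUSTED_ORIGINS and the method and header names it chooses are assumptions to replace with your own.

```java
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public final class CorsPolicy {
    // Assumed allowlist of trusted origins (scheme + host [+ port]); replace with your own.
    // Java 9+ for Set.of.
    private static final Set<String> TRUSTED_ORIGINS = Set.of(
        "https://guardrails.io",
        "https://app.example.com"   // placeholder value
    );

    /** Returns the trusted origin to echo back, or null when the request Origin is not trusted. */
    public static String allowedOrigin(String requestOrigin) {
        if (requestOrigin == null) {
            return null;
        }
        // Exact match only. Prefix, suffix or substring checks accept look-alike origins
        // such as "https://guardrails.io.attacker-controlled.example", so avoid them.
        return TRUSTED_ORIGINS.contains(requestOrigin) ? requestOrigin : null;
    }

    /** Adds CORS headers only for a trusted Origin; untrusted requests get no CORS headers at all. */
    public static void apply(HttpServletRequest request, HttpServletResponse response) {
        String origin = allowedOrigin(request.getHeader("Origin"));
        if (origin == null) {
            return; // no ACAO header: the browser blocks the cross-origin read
        }
        // Echo the exact trusted origin rather than "*".
        response.setHeader("Access-Control-Allow-Origin", origin);
        // Vary on Origin so a shared cache never serves one origin's ACAO header to another.
        response.addHeader("Vary", "Origin");
        // Credentials are only safe with an exact origin, never with "*"; drop this line
        // if the endpoint does not need cookies or Authorization headers cross-origin.
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
    }
}
```

Call CorsPolicy.apply(request, response) from a servlet filter before the response body is written; a request whose Origin is not in the allowlist passes through with no CORS headers, which is the intended outcome.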