Propose check to detect misconfiguration for CORS credentials requested.

[righettod]

Description

This PR propose a bcheck to detect invalid CORS configuration for credentialed requests.

Indeed, the server must not specify the * wildcard for the Access-Control-Allow-Origin response-header value, but must instead specify an explicit origin.

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#requests_with_credentials

File was validated with the latest version of the checker:

BCheck Contributions

• BCheck compiles and executes as expected
• BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
• Only .bcheck files have been added or modified
• BCheck is in the appropriate folder
• PR contains single or limited number of BChecks (Multiple PRs are preferred)
• BCheck attempts to minimize false positives

Thanks in advance 😃

[Hannah-PortSwigger]

Thank you for your submission! We're in the process of reviewing your BCheck, and should either merge this or provide you with some feedback soon.

If there's anything else we can help with in the meantime, please let us know.

[righettod]

Hi @Hannah-PortSwigger

Thanks a lot for the feedback 😃

Have a nice day.

[PortSwiggerWiener]

Many thanks for your submission.

Looks good 👍

[righettod]

You are welcome 😃

Thanks a lot for the review and for this feature ❤️

[Hannah-PortSwigger]

Looks good! 👍

[righettod]

Thanks a lot ❤️