Skip to content

Commit 75b7903

Browse files
committed
Example fixes
1 parent 81e372d commit 75b7903

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

java/ql/src/Security/CWE/CWE-346/UnvalidatedCors.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,10 @@ public void doFilter(ServletRequest req, ServletResponse res,
2121
String url = request.getHeader("Origin");
2222

2323
if (!StringUtils.isEmpty(url)) {
24-
String val = response.getHeader("Access-Control-Allow-Origin"); // BAD -> User controlled CORS header.
24+
String val = response.getHeader("Access-Control-Allow-Origin");
2525

2626
if (StringUtils.isEmpty(val)) {
27-
response.addHeader("Access-Control-Allow-Origin", url);
27+
response.addHeader("Access-Control-Allow-Origin", url); // BAD -> User controlled CORS header being set here.
2828
response.addHeader("Access-Control-Allow-Credentials", "true");
2929
}
3030
}

0 commit comments

Comments
 (0)