You are responsible for the security of a web application. You have to ensure that only trusted domains can interact with your server. How would you configure CORS to allow only specific domains to make requests to your server?

  • Set the Access-Control-Allow-Origin header to * in the server response.
  • Use wildcard subdomains in the Access-Control-Allow-Origin header.
  • Specify the trusted domains in the Access-Control-Allow-Origin header.
  • Disable CORS entirely to prevent any external access.
To restrict CORS to specific domains, you should specify the trusted domains in the Access-Control-Allow-Origin header. Option A would allow any domain, option B uses wildcard subdomains, which may not be secure, and option D is not secure and disables CORS.
Add your answer
Loading...

Leave a comment

Your email address will not be published. Required fields are marked *