You are responsible for the security of a web application. You have to ensure that only trusted domains can interact with your server. How would you configure CORS to allow only specific domains to make requests to your server?
- A. Set the Access-Control-Allow-Origin header to * in the server response.
- B. Use wildcard subdomains in the Access-Control-Allow-Origin header.
- C. Specify the trusted domains in the Access-Control-Allow-Origin header.
- D. Disable CORS entirely to prevent any external access.
To restrict CORS to specific domains, you should specify the trusted domains in the Access-Control-Allow-Origin header. Option A would allow any domain; option B uses wildcard subdomains, which may not be secure; and option D disables CORS and is not secure.
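The Access-Control-Allow-Origin header carries a single origin or `*`, so specifying several trusted domains means comparing the request's Origin header against an allowlist and echoing back the one that matches. The following is an added example, not part of the original quiz, written as a Node.js-style handler; the origins and the names `TRUSTED_ORIGINS`, `corsHeadersFor` and `handler` are placeholders assumed for illustration.

```javascript
// Constructed allowlist: placeholder origins, not values from the quiz.
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Build the CORS response headers for the value of a request's Origin header.
// Matching is an exact string comparison on scheme + host + port. No substring
// or regex matching is used, so lookalikes such as
// "https://app.example.com.example.net" and the literal "null" are rejected.
function corsHeadersFor(origin, trusted = TRUSTED_ORIGINS) {
  // Always send Vary: Origin so a shared cache never replays a response
  // that was generated for a different origin.
  const headers = { Vary: "Origin" };
  if (typeof origin === "string" && trusted.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin; // echo the one matched origin
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
  }
  return headers;
}

// Request handler with the (req, res) shape that http.createServer expects.
function handler(req, res) {
  const headers = corsHeadersFor(req.headers.origin);
  if (req.method === "OPTIONS") {
    // Preflight: an untrusted origin gets no Access-Control-Allow-Origin,
    // so the browser refuses to send the real cross-origin request.
    res.writeHead(204, headers);
    res.end();
    return;
  }
  // Actual request: without the header, the browser blocks the calling
  // page from reading this response.
  res.writeHead(200, { ...headers, "Content-Type": "application/json" });
  res.end(JSON.stringify({ ok: true }));
}
```

CORS headers only instruct browsers; requests from non-browser clients still reach the handler, so authentication and authorization checks remain necessary.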