You are maintaining a server that has strict security requirements. You need to allow cross-origin requests but with stringent restrictions. How can you implement CORS to fulfill these requirements while maintaining security?

  • Set Access-Control-Allow-Origin to * and rely on server-side authentication.
  • Implement preflight requests with custom headers and allow only authorized clients.
  • Avoid using CORS and handle cross-origin requests through server-side scripting.
  • Enable CORS for all origins and use server-side IP filtering.
To implement stringent security with CORS, you should use preflight requests with custom headers to allow only authorized clients. Option A is not secure as it allows any origin. Option C suggests avoiding CORS altogether, which may not be practical. Option D relies on IP filtering, which can be bypassed.
Add your answer
Loading...

Leave a comment

Your email address will not be published. Required fields are marked *