CORS (Cross-Origin Resource Sharing) origin validation failure

Disclosed: 2021-12-09 19:18:48 By kapil18 To sifchain
Vulnerability Details
***ATTACK DETAILS***

Access-Control-Allow-Origin: https://sifchain.finance.evil.com
Access-Control-Allow-Credentials: true

Prefix origins are accepted (www.example.com trusts example.com.evil.com).

***Vulnerability Description***

CORS (Cross-Origin Resource Sharing) defines a mechanism to enable client-side cross-origin requests. This application is using CORS in an insecure way. The web application fails to properly validate the Origin header (check the Details section for more information) and returns the header Access-Control-Allow-Credentials: true. In this configuration any website can issue requests made with user credentials and read the responses to these requests. Trusting arbitrary origins effectively disables the same-origin policy, allowing two-way interaction by third-party web sites.

## Impact

***The impact of this vulnerability***

Any website can issue requests made with user credentials and read the responses to these requests.
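The report describes a prefix match on the Origin header that lets an attacker-controlled host such as https://sifchain.finance.evil.com be reflected back together with Access-Control-Allow-Credentials: true. The following is an added example, not code from the report or from the sifchain project: it shows that vulnerable prefix check beside an exact-match allowlist that parses and normalises the Origin value before comparing it. The trusted origin https://sifchain.finance is an assumption inferred from the attack header in the report; the function and variable names are this example's own.

```javascript
// Added example (not from the report): vulnerable prefix-based Origin check
// beside an exact-match allowlist. The trusted origin is an assumption taken
// from the attack header quoted in the report.
const TRUSTED_ORIGINS = new Set(['https://sifchain.finance']);

// VULNERABLE: the pattern the report describes. A string-prefix test on the
// Origin header accepts any host whose name merely begins with the trusted
// one, e.g. https://sifchain.finance.evil.com, and then reflects it with
// credentials enabled, so that site can read authenticated responses.
function corsHeadersVulnerable(origin) {
  if (typeof origin === 'string' && origin.startsWith('https://sifchain.finance')) {
    return {
      'Access-Control-Allow-Origin': origin,
      'Access-Control-Allow-Credentials': 'true',
    };
  }
  return {};
}

// HARDENED: parse the Origin header with the WHATWG URL parser, normalise it
// (default port dropped, userinfo stripped) and require an exact match against
// the allowlist. Only an allowlisted value is reflected; a wildcard is never
// combined with Allow-Credentials.
function corsHeadersHardened(origin) {
  // The literal string "null" (opaque origin: sandboxed iframes, file://,
  // redirects) must never be trusted; it is attacker-reachable.
  if (typeof origin !== 'string' || origin === 'null') return {};

  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return {}; // not a syntactically valid origin
  }

  // A real Origin header carries only scheme://host[:port]; anything with a
  // path, query or fragment is malformed and is rejected outright.
  if (parsed.pathname !== '/' || parsed.search !== '' || parsed.hash !== '') return {};
  // Credentials are only ever sent back to HTTPS origins.
  if (parsed.protocol !== 'https:') return {};
  // parsed.origin is the normalised scheme://host[:port]; compare it exactly.
  if (!TRUSTED_ORIGINS.has(parsed.origin)) return {};

  return {
    'Access-Control-Allow-Origin': parsed.origin,
    'Access-Control-Allow-Credentials': 'true',
    // Responses differ per Origin, so caches must key on it.
    'Vary': 'Origin',
  };
}

// Stand-alone demonstration on the origin from the report and a few
// constructed variants a prefix check also lets through.
if (typeof require !== 'undefined' && require.main === module) {
  for (const o of [
    'https://sifchain.finance',
    'https://sifchain.finance.evil.com',
    'https://sifchain.finance@evil.com',
    'https://sifchain.finance:443',
    'null',
  ]) {
    console.log(o, '\n  vulnerable:', corsHeadersVulnerable(o), '\n  hardened: ', corsHeadersHardened(o));
  }
}
```

The parse-then-compare step matters as much as the exact match: comparing the raw header string against an allowlist would wrongly reject https://sifchain.finance:443 (a legitimate client) while a prefix or regex check wrongly accepts https://sifchain.finance@evil.com, whose real host is evil.com. Normalising through URL.origin and comparing that value removes both mistakes.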
Report Stats
  • Report ID: 1192147
  • State: Closed
  • Substate: duplicate
  • Upvotes: 2