- Launch the vulnerable Spring Boot CORS support demo application by running the `./gradlew :vulnerable-app:bootRun` command in your terminal/shell.
- In a second terminal window or tab, launch the vulnerable Spring Security CORS support demo application by executing the `./gradlew :vulnerable-spring-security-app:bootRun` command.
- In a third terminal window or tab, launch the CORS vulnerability demo app by executing the `./gradlew :test-cors-app:bootRun` command.
- Open a browser window and navigate to "http://localhost:8080". This loads the index page of the CORS vulnerability demo app, which automatically makes credentialed, cross-origin requests to the apps launched in steps 2 and 3 and displays the request headers and the request cookies in the browser window.
- Refresh/reload the page in the browser, and note that the `Access-Control-Allow-Credentials` header is set to `true`, the `Access-Control-Allow-Origin` header is set to `http://localhost:8080`, and the "cors-spring-vuln-demo" and "cors-spring-security-vuln-demo" cookies (which were automatically set by the response in step 5) are listed for each of the example cross-origin requests.
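
What the header pair noted in the last step means to the browser, as an added example (not code from this repository): `corsCheck` applies the Fetch standard's rule for credentialed cross-origin responses, and `auditObservations` flags origins that can read such a response without being on an allowlist. The observations and the `trustedOrigins` allowlist are constructed for illustration; only the `http://localhost:8080` / `true` pair comes from the steps above.

```javascript
// Added example: browser-side CORS check for a cross-origin response.
// For a credentialed request the browser exposes the response to the page only if
// Access-Control-Allow-Origin equals the request Origin exactly (never "*")
// and Access-Control-Allow-Credentials is the exact string "true".
function corsCheck(requestOrigin, responseHeaders, credentialed) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const acao = h["access-control-allow-origin"];
  const acac = h["access-control-allow-credentials"];
  if (acao === undefined) return { readable: false, reason: "no Access-Control-Allow-Origin" };
  if (acao === "*") {
    return credentialed
      ? { readable: false, reason: "wildcard is rejected for credentialed requests" }
      : { readable: true, reason: "wildcard, no credentials" };
  }
  if (acao !== requestOrigin) return { readable: false, reason: "origin mismatch" };
  if (!credentialed) return { readable: true, reason: "origin matched" };
  if (acac !== "true") return { readable: false, reason: "credentials not allowed" };
  return { readable: true, reason: "origin matched and credentials allowed" };
}

// Returns the origins that can read a credentialed response but are not trusted.
function auditObservations(observations, trustedOrigins) {
  return observations
    .filter((o) => corsCheck(o.origin, o.headers, true).readable)
    .filter((o) => !trustedOrigins.includes(o.origin))
    .map((o) => o.origin);
}

// Constructed observations: the Origin a request carried and the headers returned.
const SAMPLE_OBSERVATIONS = [
  { origin: "http://localhost:8080", // the header pair noted in the steps above
    headers: { "Access-Control-Allow-Origin": "http://localhost:8080",
               "Access-Control-Allow-Credentials": "true" } },
  { origin: "http://untrusted.example", // constructed: origin echoed back
    headers: { "Access-Control-Allow-Origin": "http://untrusted.example",
               "Access-Control-Allow-Credentials": "true" } },
  { origin: "http://other.example", // constructed: wildcard plus credentials
    headers: { "Access-Control-Allow-Origin": "*",
               "Access-Control-Allow-Credentials": "true" } },
  { origin: "http://third.example", // constructed: wrong case, not the exact "true"
    headers: { "Access-Control-Allow-Origin": "http://third.example",
               "Access-Control-Allow-Credentials": "True" } },
];

for (const o of SAMPLE_OBSERVATIONS) {
  console.log(o.origin, corsCheck(o.origin, o.headers, true));
}
console.log("untrusted readers:", auditObservations(SAMPLE_OBSERVATIONS, ["http://localhost:8080"]));
```
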
milo-minderbinder/cors-spring-vuln-demo