From 41fd57310a4a1cc64afa252cee1d145e293a760a Mon Sep 17 00:00:00 2001
From: Jonathan Hodgson
Date: Fri, 11 Dec 2020 15:26:32 +0000
Subject: [PATCH] BIN: analyse-headers: Checks the access-control-allow-origin header

Another suggestion by . For more details on the null issue, read here: https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null
---
 bin/.bin/webtest/analyse-headers | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/bin/.bin/webtest/analyse-headers b/bin/.bin/webtest/analyse-headers
index b4f0ea3e..1b42d93d 100755
--- a/bin/.bin/webtest/analyse-headers
+++ b/bin/.bin/webtest/analyse-headers
@@ -361,6 +361,32 @@ information (sent via the Referer header) should be included with requests.\n\n"
 fi
 }
+test_access-control-allow-origin(){
+ local value
+ value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
+ if [ "$value" = "*" ]; then
+ echo "Access-Control-Allow-Origin" | drawInBox
+ wecho "The Access-Control-Allow-Origin header indicates whether the \
+response can be shared with requesting code from the given origin
+The value was found to be * meaning any origin. This is not normally desirable.
+\n"
+ return 1
+ elif echo "$value" | grep -q "null"; then
+ echo "Access-Control-Allow-Origin" | drawInBox
+ wecho "The Access-Control-Allow-Origin header indicates whether the \
+response can be shared with requesting code from the given origin
+The value was found to be null. the serialization of the Origin of any \
+resource that uses a non-hierarchical scheme (such as data: or file: ) and \
+sandboxed documents is defined to be \"null\". Many User Agents will grant \
+such documents access to a response with an Access-Control-Allow-Origin: \
+\"null\" header, and any origin can create a hostile document with a \"null\" \
+Origin. The \"null\" value for the ACAO header should therefore be avoided.\n\n"
+ return 1
+
+ fi
+ return 0
+}
+
 usage(){
 echo -n "analyse-headers [OPTIONS]... URL
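Review bot: The `null` branch is a substring match — `elif echo "$value" | grep -q "null"; then` — so any legitimate origin that merely contains the text null (for example `https://nullsoft.example`) is reported as the dangerous literal value; the Origin serialization this warning is about is exactly the four characters, so compare exactly, `elif [ "$value" = "null" ]; then`. The `*` message's "This is not normally desirable" is vague and overstates the risk for most sites: browsers refuse to honour `*` together with `Access-Control-Allow-Credentials: true`, so a wildcard only exposes responses that are sensitive without credentials (e.g. resources protected by network position or an IP allow-list), and the text should say so. Neither branch catches what is usually the worse misconfiguration, a server that reflects the request's Origin, because a reflected value looks like any other single origin and cannot be recognised from this one header value alone; a comment such as `# Reflected-origin and Allow-Credentials checks need the request's Origin and a second header; not covered here` would stop a reader from assuming this function covers CORS. If the tool sends an Origin header on its request (not visible in this hunk), a check that the value equals it would close that gap. The `usage()` definition at the end of the hunk continues past it.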