Hello,
During our security scan, we encountered the domain https://api2.amplitude.com/ using the access-control-allow-origin header and it is set to '*', which will allow requests from any domain to access resources being shared. This can lead to exploits where a malicious actor can request from their domain and receive a response that can contain sensitive information.
Can we have the access-control-allow-origin header with a specific whitelist of allowed domains, instead of allowing any domain?
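
One way a server can implement the allowlist requested above, as an added example that is not part of the original issue and is not Amplitude's code. The origins in `ALLOWED_ORIGINS` and the function name `corsHeadersFor` are hypothetical.

```javascript
// Added example: choose Access-Control-Allow-Origin from an exact allowlist
// instead of sending '*'. ALLOWED_ORIGINS is constructed sample data.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Returns the CORS response headers for one request's Origin header value.
function corsHeadersFor(originHeader, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin is always sent so a shared cache never replays a response
  // generated for one origin to a different origin.
  const headers = { Vary: "Origin" };
  if (typeof originHeader !== "string") return headers;

  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return headers; // "null", empty or malformed values get no CORS header
  }

  // Accept only the exact serialized form (scheme://host[:port]) so values
  // with a path, query, userinfo or odd casing never reach the lookup.
  if (parsed.origin !== originHeader) return headers;

  // Exact set membership: no substring, prefix or suffix matching, which
  // would let look-alike hosts such as app.example.com.evil.test through.
  if (!allowed.has(parsed.origin)) return headers;

  headers["Access-Control-Allow-Origin"] = parsed.origin;
  return headers;
}

// Constructed sample Origin values and the headers each one receives.
for (const origin of [
  "https://app.example.com",
  "https://app.example.com.evil.test",
  "https://evil.test/?https://app.example.com",
  "null",
]) {
  console.log(origin, "->", JSON.stringify(corsHeadersFor(origin)));
}
```

A request whose origin is not on the list receives no `Access-Control-Allow-Origin` header, so the browser refuses to expose the response to the calling page.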