CORS Allowed Origin Wildcard Validation (SL020)

Validates that va.mobile.web.cors.allowed-origin properties do not contain wildcard characters.

Description

Scans application.properties and application-<profile>.properties for va.mobile.web.cors.allowed-origin properties that contain wildcard (*) characters. Wildcard characters are not allowed in this property and will result in invalid CORS configuration.

Rationale

Wildcard characters (*) are not permitted in the va.mobile.web.cors.allowed-origin property. Only explicit origin URLs are allowed. Using wildcards results in invalid configuration.

Findings

WARNING
- va.mobile.web.cors.allowed-origin contains * wildcard character

Noncompliant

No examples.

Compliant

No examples.

Configuration

This rule has no configuration.