Typescript Cors Wildcard Origin Header Lambda

Description

Detects insecure CORS (Cross-Origin Resource Sharing) configurations in AWS Lambda functions where wildcard (*) origins are used. This misconfiguration allows any domain to make cross-origin requests to the Lambda function, potentially exposing sensitive data or functionality to malicious websites.

Weakness:

134 - Insecure or unset HTTP headers - CORS

Category: Protocol Manipulation

Detection Strategy

• Check if the source file imports the 'aws-lambda' module

• Search for CORS header configurations in Lambda function handlers

• Identify if CORS headers use wildcard (*) origin which allows any domain to make cross-origin requests

• Report vulnerability when wildcard CORS origins are found in Lambda function configurations

Vulnerable code example

const handler = async () => {
  return {
    statusCode: 200,
    headers: {
      'Access-Control-Allow-Origin': '*'  // Vulnerable: allows any domain to access the API
    },
    body: JSON.stringify({ secret: 'sensitive data' })
  }...

✅ Secure code example

const ALLOWED_ORIGIN = 'https://trusted-frontend.example.com'; // Restrict to specific trusted domain

const handler = async () => {
  return {
    statusCode: 200,
    headers: {
      'Access-Control-Allow-Origin': ALLOWED_ORIGIN,  // Only allow requests from trusted domain
      'Access-Control-Allow-Methods': 'GET',  // Explicitly specify allowed methods...

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.