Open JennaySDavis opened 5 months ago
The Remedy specified in the scan was that if this page is intended to be accessible to everyone, you don't need to take any action. These pages are all public and are accessible to anyone with internet access.
Ticket has been entered on 7/16/2024 to remove from future reports.
Ticket has been updated to 'In Progress' status.
Invicti Enterprise detected a possibly misconfigured Access-Control-Allow-Origin header in the resource's HTTP response. Cross-origin resource sharing (CORS) is a mechanism that allows resources on a web page to be requested outside the domain through XMLHttpRequest. Unless this HTTP header is present, such "cross-domain" requests are forbidden by web browsers, per the same-origin security policy.
Remedy: If this page is intended to be accessible to everyone, you don't need to take any action. Otherwise please follow the guidelines for different architectures below to set this header and permit outside domain.
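The triage decision discussed in this issue, written out as a check (an added example, not part of the original issue or of Invicti's tooling). The function name `triage_cors`, the probe origin and the sample headers are constructed for illustration, and the caller is assumed to know whether the page is meant to be public.

```python
# Added example: triage a scanner's Access-Control-Allow-Origin finding.
# triage_cors and SAMPLES are constructed for illustration.

def triage_cors(headers, request_origin, page_is_public):
    """Return (verdict, reason) for one HTTP response.

    headers: response headers as a dict (names matched case-insensitively)
    request_origin: the Origin value the probe request sent
    page_is_public: True if the content is meant for anyone on the internet
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}

    if acao is None:
        return ("ok", "no CORS header; same-origin policy applies")
    if acao == "*":
        if creds:
            # Browsers refuse a wildcard for credentialed requests.
            return ("fix", "wildcard with credentials is an invalid combination")
        if page_is_public:
            return ("accept", "wildcard on public content; no action needed")
        return ("fix", "wildcard exposes non-public content to any origin")
    if acao == "null":
        return ("fix", "'null' matches sandboxed documents; use real origins")
    if acao == request_origin:
        # One response cannot show whether the origin was allow-listed or echoed.
        if creds:
            return ("review", "origin echoed with credentials; confirm allow-list")
        if "origin" not in vary:
            return ("review", "per-origin header without 'Vary: Origin'")
    return ("ok", "specific origin allowed")

# Constructed sample responses, keyed by a short label.
SAMPLES = {
    "public wildcard": {"Access-Control-Allow-Origin": "*"},
    "echo + creds": {"Access-Control-Allow-Origin": "https://probe.example",
                     "Access-Control-Allow-Credentials": "true"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, triage_cors(hdrs, "https://probe.example", True))
```
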