Prateek Sharma
Novu
•Created by Prateek Sharma on 6/12/2024 in #💬│support
Define origins in access-control-allow-origin header for in-app notifications
Hello @Pawan Jain @Dima Grossman. Is there any update on this?
Thank you!
11 replies
Hello Pawan. We are currently getting VAPT done for our SOC2 certification. In the findings, we were shared a finding that the response header for access origin returns `*` on calling `api.novu.co` from our frontend.
This is the remediation we were shared:
The cross-domain policy published in this application allows access from any i.e. it appears to be overly permissive. Review the domains that are allowed by the cross-domain policy and determine whether it is appropriate for the application to trust the domains and their contents.
11 replies
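The finding above contrasts a wildcard `Access-Control-Allow-Origin` with a reviewed list of trusted domains. The following is an added example, not part of the original posts and not Novu's code: it places the wildcard policy beside an exact-match allowlist and audits both. The function names and the `example.com` / `evil.test` origins are constructed for illustration.

```javascript
// Hypothetical allowlist of frontends the API should trust (constructed values).
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);

// Weak policy, as in the finding: every origin receives "*".
function wildcardPolicy(_origin) {
  return { "access-control-allow-origin": "*" };
}

// Stricter policy: echo the Origin only on an exact allowlist match.
// Vary: Origin stops shared caches from reusing one origin's response for another.
function allowlistPolicy(origin) {
  const headers = { vary: "Origin" };
  if (typeof origin === "string" && ALLOWED_ORIGINS.has(origin)) {
    headers["access-control-allow-origin"] = origin;
  }
  return headers;
}

// Origins that must never be trusted (constructed values).
const UNTRUSTED_PROBES = [
  "https://evil.test",
  "https://app.example.com.evil.test", // look-alike that defeats prefix matching
  "http://app.example.com",            // same host, scheme downgraded
  "null",                              // sandboxed iframe or file:// origin
];

// Run a policy against the probes and the allowlist; return a list of findings.
function auditPolicy(policy) {
  const findings = [];
  for (const origin of UNTRUSTED_PROBES) {
    const acao = policy(origin)["access-control-allow-origin"];
    if (acao === "*") findings.push(`wildcard returned for ${origin}`);
    else if (acao === origin) findings.push(`untrusted origin reflected: ${origin}`);
  }
  for (const origin of ALLOWED_ORIGINS) {
    const h = policy(origin);
    const acao = h["access-control-allow-origin"];
    if (acao !== origin && acao !== "*") findings.push(`trusted origin blocked: ${origin}`);
    if (acao === origin && !/\borigin\b/i.test(h.vary || "")) {
      findings.push(`missing Vary: Origin for ${origin}`);
    }
  }
  return findings;
}

console.log("wildcard:", auditPolicy(wildcardPolicy));
console.log("allowlist:", auditPolicy(allowlistPolicy));
```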