Fix CORS Vulnerabilities in Nginx: Enforce Secure Origin Checks

According to the required security level, the existing cross‑origin configuration is insecure and must be fixed.

The solution is to inspect the Origin request header and apply a strict CORS policy that returns a 403 response for any illegal origin.

Vulnerability reproduction

Send a request with a custom Origin header; if the request succeeds, the server does not validate the header and the vulnerability is present.

curl -H 'Origin:http://test.com' http://192.168.15.32:80

Fix implementation

In the Nginx configuration, use a map directive to create a whitelist and set $allow_cors to 0 for disallowed origins. Then add the appropriate Access-Control-Allow-* headers and return 403 when $allow_cors equals 0.

http {
    map $http_origin $allow_cors {
        default 1;
        "~^https?://.*?\.tripwolf\.com.*$" 1;
        "~^(https?://(dmp.finerice.cn)?)$" 1;
        "~*" 0;
    }
    server {
        add_header Access-Control-Allow-Origin $http_origin;
        add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
        add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
        location / {
            if ($allow_cors = 0) {
                return 403;
            }
            root /mnt/data;
        }
    }
}

Verification

Use tools such as POSTMAN to send requests with different Origin values and verify that illegal origins receive a 403 response.

If CORS is not required, simply remove the add_header Access-Control-Allow-Origin and related directives.