<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
0D54z00006vBNHCCA4Okta Identity EngineWorkflowsAnswered2024-06-30T10:44:09.000Z2021-04-16T15:57:52.000Z2021-05-03T18:55:11.000Z
  • User16115958272578339131 (Vendor Management)

    Hi. This is definitely not recommended in a production tenant.

    You should only use this for testing purposes only in a lower tenant or a free developer account that does not impact your work environment. 

    Having localhost registered as a Trusted Origin means that any browser application running on localhost with the given port can silently act on behalf of the user signed in.

    That I would not recommend.

    Expand Post
  • ShawnC.60679 (Customer)

    Hi Razvan, thank you for the response. That is helpful.

     

    However, let's say I register a trusted tenant as "https://myapp.mycompany.com" for my app.

    Couldn't a hacker simply map this to their localhost in their /etc/hosts file and gain the same functionality?

     

    Thanks!

    Expand Post
  • o7h0r (o7h0r)

    Can anybody further elaborate on the security implications for enabling "http://localhost" as a trusted origin in CORS?

This question is closed.
Loading
Any security risks for enabling "http://localhost" as a trusted origin to enable CORS?