TL;DR: If you are using CORS in your Sails app, review your configuration to be sure it is secure.
If your app has vulnerable CORS configuration, there are two ways to resolve it:
- Either replace origin: '*' with a specific set of whitelisted domains
- Or set
See Concepts > Security > CORS in the Sails docs for more information on how CORS works, and how to use it.
Note that you don’t necessarily need to upgrade to v0.12.7 — although if possible, it’s a very good idea. As of 0.12.7, Sails will log a warning if you lift your app in production when vulnerable CORS settings are detected.
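A pre-deployment audit for wildcard origins, written as an added example (it is not Sails' own detection code, and `auditCors` and `effectiveCors` are hypothetical helper names). It assumes the Sails 0.12 layout of `config/cors.js` (`allRoutes`, `origin` as a comma-separated string, `credentials`), the defaults shown in the code, and route-level `cors` values of `true`, `false` or an override object.

```javascript
'use strict';

// Assumed Sails 0.12 defaults for config/cors.js (not stated on the page).
const DEFAULTS = { allRoutes: false, origin: '*', credentials: true };

// Resolve the settings that apply to one route. `routeCors` is the route's
// `cors` value: undefined (inherit), true, false, or an override object.
function effectiveCors(globalCors, routeCors) {
  const base = Object.assign({}, DEFAULTS, globalCors);
  if (routeCors === false) return null;                 // CORS disabled here
  if (routeCors === undefined) return base.allRoutes ? base : null;
  if (routeCors === true) return base;
  return Object.assign({}, base, routeCors);
}

// Hypothetical helper: list every place where any origin ('*') is allowed.
function auditCors(globalCors, routes) {
  const findings = [];
  const check = (where, cfg) => {
    if (!cfg) return;
    const origins = String(cfg.origin).split(',').map((s) => s.trim());
    if (origins.includes('*')) {
      findings.push({ where, origin: cfg.origin, credentials: cfg.credentials !== false });
    }
  };
  check('config.cors', effectiveCors(globalCors, undefined));
  for (const [path, target] of Object.entries(routes || {})) {
    if (target && typeof target === 'object' && 'cors' in target) {
      check(path, effectiveCors(globalCors, target.cors));
    }
  }
  return findings;
}

// Constructed sample input (example.com hosts are placeholders).
const sampleRoutes = {
  'get /account': { controller: 'AccountController', action: 'show',
    cors: { origin: 'https://app.example.com,https://admin.example.com' } },
  'get /feed': { controller: 'FeedController', action: 'list', cors: true },
  'get /internal': { controller: 'InternalController', action: 'stats', cors: false },
};
const weakCors = { allRoutes: true, origin: '*', credentials: true };
const fixedCors = { allRoutes: true, origin: 'https://app.example.com', credentials: true };

console.log(auditCors(weakCors, sampleRoutes));  // flags config.cors and 'get /feed'
console.log(auditCors(fixedCors, sampleRoutes)); // no findings
```

Routes that set `cors: true` inherit the global origin, so they are flagged along with the global setting until the wildcard is replaced.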