Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1094
Views
5
Helpful
6
Replies

Cisco Switch SG350 - CORS header

Go to solution
calexfiel
Level 1
Level 1

‎09-16-2022 05:23 AM

The web server service running on this switch appears to create it's Access-Control-Allow-Origin response header based on the user-supplied Origin value. I am needing to  include the “Vary: Origin” header to prevent caching. The header indicates that the response is in some way dependent on the origin and should therefore not be served from cache for any other origin. 

Someone can help to fix it? 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎09-16-2022 06:23 AM

 

   - These parameters can not be changed on those devices , let alone on other cisco switches.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

6 Replies 6

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎09-16-2022 06:23 AM

 

   - These parameters can not be changed on those devices , let alone on other cisco switches.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
calexfiel
Level 1
Level 1
In response to marce1000

‎09-16-2022 06:34 AM

Thank you for your help.

0 Helpful

Go to solution
calexfiel
Level 1
Level 1
In response to marce1000

‎09-16-2022 10:55 AM

Hi Marce, sorry for bother you, I have another question;

Based on result penetration test I have to disable all SSL export grade ciphers, to prevent 'SSL FREAK' (Factoring Attack on RSA-EXPORT Keys). Is it the same concept, or that is possible to set up in the Control Panel? 

0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to calexfiel

‎09-16-2022 10:52 PM

 

   - The only thing that you can do to mitigate such attacks is to use the latest firmware and then run the penetration test again (e.g.)

 M,



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎09-17-2022 01:06 AM - edited ‎09-17-2022 01:10 AM

Hello,

just out of curiosity, what is the 'Vary' value in the response header that you captured ? Is it a wildcard ('*') ?

0 Helpful

Go to solution
calexfiel
Level 1
Level 1
In response to Georg Pauwen

‎09-17-2022 10:23 AM

Vary: Origin` will cause the user agent to fetch a response that includes `Access-Control-Allow-Origin`, rather than using the cached response from the previous non-CORS request that lacks `Access-Control-Allow-Origin`. So yes, should be a wildcard. I am not network professional.

Thank you so much again for your help

0 Helpful
Customers Also Viewed These Support Documents
Top