CORS credentials option set to true
To allow cookies to be sent to my ExpressJS server,credentials: true has to be set in my CORS config.
What potential security risks/ vulnerabilities could arise from this configuration?
If possible, how could said risks be mitigated in pra…