You’re viewing an example audit
Fortivibe reviews your app for the security, data, reliability, and deployment issues that can turn a promising prototype into a production headache.
Run an Audit on My AppFix Prompt
Replace `origin: '*'` with an explicit allow-list of trusted origins (e.g. your production domain and localhost during development).
Psst: this prompt should but is not guaranteed to fix the issue. Each tool (and the models they use) are different and outside of our control.
What does this mean?
A wildcard origin defeats the purpose of CORS. Even without credentials, it lets attacker-controlled sites probe your API's behavior.