The Web is the most common technology for delivering information and for interaction between people on the internet. The emergence of HTML5 in recent years has changed the world of the Web. CORS (Cross-Origin Resource Sharing) is the most common application in HTML5 because it breaks through the traditional same-origin policy (SOP) so that messages can be exchanged between different domains.
However, in recent years experts have published HTML5 security reports pointing out that HTML5 carries many security threats, most of which are in fact caused by programmer negligence. CORS is convenient, but it also makes cross-site request forgery (CSRF) attacks easy, especially in a company environment: if an internal Web system provides a CORS service and an employee uses a browser to visit an external malicious website, that website can use CORS or WebSockets to sniff or steal information from the company's internal Web system. All of these reports remind developers to be more careful during development, but over time the number of internal company systems gradually grows, and configuring each domain one by one becomes very complicated and error-prone.
Therefore, this paper designs a browser plugin that protects against CORS attacks, taking advantage of the fact that HTML5 runs in the browser, and shows through experiments that it can effectively defend against HTML5 CORS attacks. The plugin runs in the background of the browser and achieves effective protection without the cost of purchasing expensive security tools. We hope to make this plugin available to interested companies.
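
The scenario above, expressed as a request-filtering rule that a browser-side plugin could apply. This is an added example, not the paper's plugin: the rule (block requests that an external page sends to an internal host), the function names and the `.corp.example` intranet suffix are assumptions.

```javascript
// Added example: the suffix list and the rule itself are assumptions.
const INTERNAL_SUFFIXES = [".corp.example"]; // hypothetical intranet DNS suffix

// True for loopback, RFC 1918 private IPv4, or a listed intranet name.
function isInternalHost(host) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  if (h === "localhost" || h === "[::1]") return true;
  const m = h.match(/^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/);
  if (m) {
    const a = Number(m[1]);
    const b = Number(m[2]);
    return a === 10 || a === 127 ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168);
  }
  return INTERNAL_SUFFIXES.some((s) => h.endsWith(s));
}

// Decide what to do with a request (XHR/fetch or WebSocket) that the page at
// initiatorOrigin sends to targetUrl. Only external-page -> internal-host
// traffic is blocked, so internal systems need no per-domain configuration.
function decide(initiatorOrigin, targetUrl) {
  let from, to;
  try {
    from = new URL(initiatorOrigin);
    to = new URL(targetUrl);
  } catch (err) {
    return "block"; // unparsable input: fail closed
  }
  const externalPage = !isInternalHost(from.hostname);
  const internalTarget = isInternalHost(to.hostname);
  return externalPage && internalTarget ? "block" : "allow";
}

// Constructed sample traffic: [initiating page origin, request target].
const SAMPLE_REQUESTS = [
  ["https://news.example.net", "http://10.0.5.20/api/payroll"],
  ["https://news.example.net", "wss://wiki.corp.example/socket"],
  ["https://portal.corp.example", "https://wiki.corp.example/api/pages"],
  ["https://news.example.net", "https://cdn.example.org/lib.js"],
];
for (const [page, target] of SAMPLE_REQUESTS) {
  console.log(decide(page, target).padEnd(5), page, "->", target);
}
```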