A potential CORS vulnerability was detected via the use of the asterisk wildcard. To follow best practices, try to define specific allowed origins.