From c2b8018617a72e13a3a3c1cb2bfa13d8878d8aa4 Mon Sep 17 00:00:00 2001
From: Heeryong Kang <drakang4@gmail.com>
Date: Wed, 22 Apr 2020 16:09:18 +0900
Subject: [PATCH] fix typo

---
 CORS Misconfiguration/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md
index 7d4d715..1bbbc7e 100644
--- a/CORS Misconfiguration/README.md	
+++ b/CORS Misconfiguration/README.md	
@@ -131,7 +131,7 @@ https://trusted-origin.example.com/?xss=<script>CORS-ATTACK-PAYLOAD</script>
 ### Vulnerable Example: Wildcard Origin `*` without Credentials
 
 If the server responds with a wildcard origin `*`, the browser does never send
-the cookies. Howver, if the server does not require authentication, it's still
+the cookies. However, if the server does not require authentication, it's still
 possible to access the data on the server. This can happen on internal servers
 that are not accessible from the Internet. The attacker's website can then
 pivot into the internal network and access the server's data withotu