Hey there! I have an application and need to add an IP for the development server to the CORS. Is it safe to add a 192.168.8.* IP to the CORS domains? Or are there security risks? Won't this, for example, allow access from multiple networks? However, adding 192.168.x.x won't work, I think, because they are rotatable. Thanks in advance.
#CORS ip address (range?)
Any local IP is going to be insecure, since you can literally change the IP assigned to a device to match this one. Don't worry too much about CORS; a lot of people think CORS is a protection, but it's actually a vulnerability: when you open CORS to a specific IP, you've opened up a way in.
If you want to allow these local IPs, it's better to use * right away. If this app is going to run on the external network, you can create a conditional state where in production it only allows IP X and in development it allows *.
But yes, if you want to allow only this range and it's just an app that runs on the local network, OK.
What other solution would you propose? I have a mobile application (locally started on a laptop) which needs to make requests. This frontend developer told me he can't set up a hostname for some reason, so I only have an IP to work with.
If it's mobile, CORS wouldn't block anyway.
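
The per-environment origin check discussed in this thread, as an added example that is not part of any message above. A CORS allow-list is matched against the `Origin` header the browser sends, so this sketch parses that header and tests its host against 192.168.8.0/24 in development and against an exact list in production. The function names, the `env` values and the production origin `https://app.example.com` are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed values: the /24 is the 192.168.8.* range from the question;
# the production origin is a placeholder.
DEV_NETWORK = ipaddress.ip_network("192.168.8.0/24")
PROD_ORIGINS = {"https://app.example.com"}


def allowed_origin(origin, env):
    """Return the origin to echo in Access-Control-Allow-Origin, or None."""
    if not origin or origin == "null":
        return None
    if env == "production":
        # Exact string match only; no private ranges in production.
        return origin if origin in PROD_ORIGINS else None
    try:
        parts = urlsplit(origin)
        host = parts.hostname
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or host is None:
        return None
    # A real Origin value is scheme://host[:port] with nothing else.
    if parts.path or parts.query or parts.fragment or parts.username:
        return None
    try:
        # Parse as an IP literal; a prefix match on the string would also
        # accept hostnames such as 192.168.8.5.evil.example.
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    return origin if addr in DEV_NETWORK else None


def cors_headers(origin, env):
    """Build the CORS response headers for one request."""
    value = allowed_origin(origin, env)
    if value is None:
        return {}
    # Vary: Origin keeps caches from reusing one origin's response for another.
    return {"Access-Control-Allow-Origin": value, "Vary": "Origin"}
```
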