What are the security concerns with CORS (Cross-Origin Resource Sharing) in REST APIs?
- Malicious sites could misuse APIs if CORS is too permissive.
- Always restrict origins (Access-Control-Allow-Origin).
- Avoid * in production.
- Use tokens for security.