Using misconfigured CORS in AWS API Gateway V2 API Policy that allows sharing across all resources may lead to unauthorized access.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api