I am developing a web application where I have to make sure the provided origin of the request through HTTP headers is correct.
Let's say I am expecting a request from example.com. The only way to check the request origin (as a domain) is through the provided request headers, as far as I know. I know that I can control the access to the server through the "Allow-Access-Control-Headers:"example.com"" header, but what is preventing example2.com from putting an origin header that says the request is coming from example.com?
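As an added example (not part of the original post), this is a server-side exact-match check of the `Origin` header in JavaScript, paired with a credential check because the header value is supplied by the client. The function names, the token set and the sample header objects are constructed for illustration.

```javascript
// Added example: names, tokens and hosts below are constructed, not from the post.
const ALLOWED_ORIGINS = new Set(['https://example.com']);
const VALID_TOKENS = new Set(['constructed-session-token']); // stand-in for real auth

// Returns the normalized origin if the header value is allowlisted, else null.
function checkOrigin(headerValue) {
  if (typeof headerValue !== 'string' || headerValue === '' || headerValue === 'null') {
    return null; // absent or opaque origin: nothing to match against
  }
  let url;
  try {
    url = new URL(headerValue);
  } catch {
    return null; // not parseable as a URL
  }
  // An Origin value is scheme://host[:port] only. Reject paths, userinfo, etc.
  if (url.origin !== headerValue.toLowerCase()) return null;
  // Exact match on the whole origin, never a substring or suffix test.
  return ALLOWED_ORIGINS.has(url.origin) ? url.origin : null;
}

// CORS response headers: echo the origin only when it is allowlisted.
function corsHeaders(headers) {
  const origin = checkOrigin(headers['origin']);
  if (!origin) return {};
  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}

// The Origin value is whatever the client sent. Browsers set it themselves and
// page scripts cannot override it, but a non-browser client can send any value,
// so the request is authorized on a credential, with Origin as a second check.
function decide(headers) {
  const token = (headers['authorization'] || '').replace(/^Bearer /, '');
  if (!VALID_TOKENS.has(token)) return 'deny: no valid credential';
  if (checkOrigin(headers['origin']) === null) return 'deny: origin not allowlisted';
  return 'allow';
}
```
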