W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

CORS and HTTP headers spoofing

From: Margarita Podskrobko <mpodskrobko@hotmail.com>
Date: Tue, 31 May 2011 18:46:25 +0200
Message-ID: <BAY159-w59AAD155A8B837FA2C2562BA7A0@phx.gbl>
To: <public-webapps@w3.org>

Hello,
I was trying to find any information concerning CORS and HTTP headers spoofing. Couldn't find any relevant information though. So if I am able to set Origin header to some custom value, it means that there is no more secure communication between domains as I can pretend to be anyone?

Best regardsMargarita Podskrobkoa
 		 	   		  
Received on Thursday, 2 June 2011 16:20:46 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT