CORS and HTTP headers spoofing from Margarita Podskrobko on 2011-05-31 (public-webapps@w3.org from April to June 2011)

From: Margarita Podskrobko <mpodskrobko@hotmail.com>
Date: Tue, 31 May 2011 18:46:25 +0200
To: <public-webapps@w3.org>
Message-ID: <BAY159-w59AAD155A8B837FA2C2562BA7A0@phx.gbl>

Hello,
I was trying to find any information concerning CORS and HTTP headers spoofing. Couldn't find any relevant information though. So if I am able to set Origin header to some custom value, it means that there is no more secure communication between domains as I can pretend to be anyone?

Best regardsMargarita Podskrobkoa

Received on Thursday, 2 June 2011 16:20:46 UTC