W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: CORS and HTTP headers spoofing

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 2 Jun 2011 10:29:04 -0700
Message-ID: <BANLkTimJWDb+gztVqURip3WoJo5VY96uxA@mail.gmail.com>
To: Margarita Podskrobko <mpodskrobko@hotmail.com>
Cc: public-webapps@w3.org
2011/5/31 Margarita Podskrobko <mpodskrobko@hotmail.com>:
> Hello,
> I was trying to find any information concerning CORS and HTTP headers
> spoofing. Couldn't find any relevant information though. So if I am able to
> set Origin header to some custom value, it means that there is no more
> secure communication between domains as I can pretend to be anyone?

How would you set the "Origin" header?

/ Jonas
Received on Thursday, 2 June 2011 17:30:00 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT