W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

CORS and HTTP headers spoofing

From: Margarita Podskrobko <mpodskrobko@hotmail.com>
Date: Tue, 31 May 2011 18:46:25 +0200
Message-ID: <BAY159-w59AAD155A8B837FA2C2562BA7A0@phx.gbl>
To: <public-webapps@w3.org>

I was trying to find any information concerning CORS and HTTP headers spoofing. Couldn't find any relevant information though. So if I am able to set Origin header to some custom value, it means that there is no more secure communication between domains as I can pretend to be anyone?

Best regardsMargarita Podskrobkoa
Received on Thursday, 2 June 2011 16:20:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:19 UTC