Re: [whatwg] How can a server or serverside script identify if a request is from a page, iframe or xhr?

On 2016-11-01 10:42, Roger Hågensen wrote:
> I was wondering how can a server or script identify if a request is from
> page, iframe or xhr?

I really hate answering myself (and so soon after making a post) but it 
seems I have found the answer at

and the support is pretty good according to

But on MDN it says "For workers, non-compliant requests are treated as 
fatal network errors by the user agent."
But does this apply to non-workers too?

And is there any way to prevent injected hostile scripts?
I guess loading scripts from a specific (whitelisted) url could do the 
trick? Or maybe using strict-dynamic.

Darnit it. I may just have answered my own questions here.

Roger Hågensen, Freelancer,

Received on Tuesday, 1 November 2016 10:33:22 UTC