Closed gdamjan closed 5 years ago
Can you share some documentation about this? Maybe there is a link on MDN or something? Or maybe there is some code snippet I can run in a couple browsers first? Makes sense, but I want to verify anyway!
Sure.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
The Host
header, you can see it in any request your browser sends, and is always the server (virtual host) you connect to.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin
The Origin
header, is sent in so called CORS requests (Cross-Origin-Resource-Sharing) - ie. requests from one domain to another, something that is by default forbidden by the same origin policy.
Perhaps the best explanation is here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS which also links to a site with demos http://arunranga.com/examples/access-control/
Thanks for the additional resources. I misunderstood what Host
was for it seems!
the invoking page is sent in the Origin header with CORS requests