spoof http origin header

gorhill / uMatrix

uMatrix: Point and click matrix to filter net requests according to source, destination and type

GNU General Public License v3.0

4.55k stars 470 forks source link

spoof http origin header #922

Open tyngdekraften opened 6 years ago

tyngdekraften commented 6 years ago

https://skyfallattack.com/

GET /s/montserrat/v12/IVeH6A3MiFyaSEiudUMXE8u2Q0OS-KeTAWjgkS85mDg.woff2
Host: fonts.gstatic.com
Referer: https://fonts.gstatic.com/
Origin: https://skyfallattack.com

in this context origin is useless and used for tracking while modifying it does not break anything https://github.com/gorhill/uMatrix/issues/358#issuecomment-152828312

ssokolow commented 6 years ago

Spoofing it to the spec-defined null value (The value used for file:// URLs where null != null) should be safe, though it's possible some sites might decide that blocking use from file:// URLs is acceptable.