hapijs / crumb

CSRF crumb generation and validation for hapi

Bypass Crumb Validation when CORS enabled and request comes from different origin #24

Closed stongo closed 10 years ago

stongo commented 10 years ago

Add an Origin check. If the origin doesn't match the server name and CORS is enabled, crumb validation should be bypassed. This should handle instances when CORS is enabled, but same-origin calls are still made to the server.

stongo commented 10 years ago

Maybe this is not best practice after all. See issue referenced above for more information. Needs review.
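The rule proposed in the first comment, written out as an added example (not code from crumb or from the issue's author) so its decision can be compared across request types. `parseOrigin`, `proposedRule`, the server origin and the sample requests are hypothetical, and treating a missing or `null` Origin as "not cross-origin" is an assumption.

```javascript
'use strict';

// Hypothetical helper: normalise an Origin header value to scheme://host[:port].
// Returns null when the header is absent, the literal "null", or unparseable.
function parseOrigin(value) {
    if (!value || value === 'null') {
        return null;
    }
    try {
        return new URL(value).origin;
    } catch (err) {
        return null;
    }
}

// The rule as proposed in the issue: skip crumb validation when CORS is
// enabled and the Origin header does not match the server's own origin.
// Assumption: a request without a usable Origin is still validated.
function proposedRule(headers, serverOrigin, corsEnabled) {
    const origin = parseOrigin(headers.origin);
    const crossOrigin = origin !== null && origin !== serverOrigin;
    return corsEnabled && crossOrigin ? 'skip' : 'validate';
}

// Constructed sample requests (not taken from the issue).
const SERVER = 'https://app.example.com';
const samples = [
    { name: 'same-origin XHR', headers: { origin: 'https://app.example.com' } },
    { name: 'browser client on another origin', headers: { origin: 'https://partner.example.org' } },
    { name: 'form post from unrelated site', headers: { origin: 'https://other.example.net' } },
    { name: 'no Origin header', headers: {} },
    { name: 'opaque origin', headers: { origin: 'null' } }
];

// Returns [name, decision] pairs for every sample request.
function evaluate(corsEnabled) {
    return samples.map((s) => [s.name, proposedRule(s.headers, SERVER, corsEnabled)]);
}

for (const [name, decision] of evaluate(true)) {
    console.log(`${name.padEnd(34)} -> ${decision}`);
}
```

With CORS enabled, the rule returns the same `skip` decision for the intended cross-origin client and for a form post from an unrelated site, because both carry an Origin that differs from the server's.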

lock[bot] commented 4 years ago

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.