Verify that the supplied Origin header is not used for authentication or access control decisions, as the Origin header can easily be changed by an attacker.

spyd3r / merlin

0 stars 0 forks source link

Verify that the supplied Origin header is not used for authentication or access control decisions, as the Origin header can easily be changed by an attacker. #283

Open spyd3r opened 5 years ago

chunanlee commented 4 years ago

Dear Sir, Excuse me, I cannot figure out how to use the Origin header for authentication or access control. Could you give me an example? Thank you very much for your help. Best Regards, ChunanLee