Open teleclimber opened 1 year ago
I think I should white-list acceptable headers (especially coming back from sandbox), ignore others if they don't start with "X-". Also need to notify app dev that this is happening, probably via appspace log.
Edit: List of Headers here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
I think I should white-list acceptable headers (especially coming back from sandbox), ignore others if they don't start with "X-". Also need to notify app dev that this is happening, probably via appspace log.
Edit: List of Headers here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers