Has anyone written up how to secure an unauthenticated localhost service? I've got Host check against DNS rebinding, CORB/CORP/COOP against Spectre, anything else? Maybe I should work in a secret path segment after all.
-
-
Is Origin reliable though? I got confused by this: https://bugzilla.mozilla.org/show_bug.cgi?id=1508661 …. It seems to say Origin is not set on cross-origin GETs, but that would defeat the point...
-
I think you can't allow requests without an Origin through the whitelist; if you really need that, you could have a non-state-changing, static page that loads subresources?
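
An added example, not code from anyone in the thread, of the request gate discussed above: exact Host matching against DNS rebinding, an Origin allowlist, and requests without Origin limited to a static, non-state-changing page. Port 8123, the paths, the sample requests and the name `check_request` are assumptions.

```python
# Added example; the allowlist values and port are assumptions, not from the thread.
ALLOWED_HOSTS = {"127.0.0.1:8123", "localhost:8123"}
ALLOWED_ORIGINS = {"http://" + host for host in ALLOWED_HOSTS}
STATIC_PATHS = {"/", "/index.html"}   # non-state-changing entry page
SAFE_METHODS = {"GET", "HEAD"}

# Response headers for the isolation mechanisms named in the thread.
ISOLATION_HEADERS = {
    "Cross-Origin-Resource-Policy": "same-origin",
    "Cross-Origin-Opener-Policy": "same-origin",
    # With nosniff set, CORB relies on the declared Content-Type.
    "X-Content-Type-Options": "nosniff",
}

def check_request(method, path, headers):
    """Return (allowed, reason) for one request to the local service."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # A rebound DNS name still shows up in Host, so match it exactly.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "host-not-allowed"
    origin = h.get("origin")
    if origin is not None:
        # "null" and any foreign origin fail the allowlist.
        if origin.lower() in ALLOWED_ORIGINS:
            return True, "origin-allowed"
        return False, "origin-not-allowed"
    # No Origin header: only the static page may be fetched.
    if method.upper() in SAFE_METHODS and path in STATIC_PATHS:
        return True, "static-no-origin"
    return False, "origin-required"

# Constructed sample requests (method, path, headers).
SAMPLES = [
    ("GET", "/", {"Host": "localhost:8123"}),
    ("GET", "/api/state", {"Host": "localhost:8123"}),
    ("POST", "/api/state", {"Host": "localhost:8123",
                            "Origin": "http://localhost:8123"}),
    ("POST", "/api/state", {"Host": "localhost:8123",
                            "Origin": "https://other.example"}),
    ("GET", "/", {"Host": "rebind.example:8123"}),
]

if __name__ == "__main__":
    for method, path, headers in SAMPLES:
        print(method, path, headers, "->", check_request(method, path, headers))
```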