Security/Origin: Difference between revisions

To make the Origin header useful for server-side protections beyond CSRF, a request carries the origin it was issued from (or the string "null" when the user agent will not reveal one), and, when the request is the result of redirects, a list of the origins involved in those redirects rather than only the last one.


The Origin header is described in [http://tools.ietf.org/html/draft-abarth-origin an internet draft by Adam Barth, Collin Jackson and Ian Hickson] (later published as RFC 6454).  The general format of the Origin header is:  
  Origin: <origin> [<origin>]*
An <tt>&lt;origin&gt;</tt> is the combination of scheme, host and port, serialized as <tt>scheme://host</tt> with <tt>:port</tt> appended only when the port is not the scheme's default (for example <tt>https://example.com</tt> or <tt>http://example.com:8080</tt>).  Unlike HTTP Referer, an origin carries no path or query string, so it identifies the site that issued the request without revealing which page did.  When several origins are listed they are separated by a single space.
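As an added worked example (not code from this page, from the draft, or from its authors), the following Python parses a header value of the form above, including the "null" value and the space-separated list of origins left by redirects, and applies a strict allowlist check to it. The allowlist entries, the fail-closed policy and the sample header values are constructed for illustration and are not mandated by the draft.

```python
# Added example: parse the Origin request header described above and apply
# a strict server-side allowlist check. Not code from the wiki page or the
# draft's authors; the allowlist and sample values below are constructed.
from urllib.parse import urlsplit

# Default ports used when a serialized origin omits the port.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed allowlist of (scheme, host, port) tuples this server trusts.
ALLOWED_ORIGINS = frozenset({
    ("https", "app.example", 443),
    ("http", "localhost", 8080),
})


def parse_origin(serialized):
    """Parse one serialized origin, 'scheme://host[:port]', into a
    (scheme, host, port) tuple with scheme and host lower-cased and the
    default port filled in. An origin never carries userinfo, a path, a
    query or a fragment, so any of those is rejected rather than silently
    dropped: a value that is not an origin must not pass as one."""
    parts = urlsplit(serialized)
    if not parts.scheme or not parts.hostname:
        raise ValueError(f"not a serialized origin: {serialized!r}")
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        raise ValueError(f"origin must be scheme://host[:port]: {serialized!r}")
    port = parts.port  # raises ValueError if the port is not numeric
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def serialize_origin(origin):
    """Inverse of parse_origin: the default port is omitted, as in the
    header a browser sends."""
    scheme, host, port = origin
    if port is None or port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def parse_origin_header(value):
    """Parse a whole header value. Returns None for the literal 'null'
    (the user agent declined to reveal an origin) and otherwise the list
    of origins, one per hop when the request went through redirects."""
    value = value.strip()
    if value == "null":
        return None
    return [parse_origin(token) for token in value.split()]


def check_origin(header_value, allowed=ALLOWED_ORIGINS):
    """Decide whether a state-changing request may proceed.
    Policy (a choice made for this example): fail closed when the header
    is absent, empty, 'null' or malformed, and require every origin in the
    list, the original page and every redirect hop, to be allowlisted.
    Membership is an exact (scheme, host, port) match, so neither
    'https://app.example.evil.example' nor 'http://app.example' passes."""
    if header_value is None or not header_value.strip():
        return False
    try:
        origins = parse_origin_header(header_value)
    except ValueError:
        return False
    if not origins:  # 'null', or nothing parsed
        return False
    return all(origin in allowed for origin in origins)


if __name__ == "__main__":
    # Constructed sample header values, as a server might receive them.
    samples = [
        "https://app.example",
        "HTTPS://App.Example",
        "https://app.example https://evil.example",  # redirect via evil
        "https://app.example.evil.example",
        "https://app.example/path",
        "null",
        None,
    ]
    for value in samples:
        verdict = "allow" if check_origin(value) else "deny"
        print(f"{value!r:45} -> {verdict}")
```

The check treats a missing header the same as "null". That is the safe default for requests that change state, but it does mean clients that never send Origin are refused, so a deployment that must serve such clients needs a second defence (for example a synchronizer token) rather than a looser origin check.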