Юрий Светлов Юрий Светлов - 16 days ago 5
Javascript Question

Can Fake of data in the header Origin (websocket)?

Can you falsify the header data in Origin?

GET /ttt HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Origin: http://webru.ru
Sec-WebSocket-Key: 32f2f2f2342r23
Sec-WebSocket-Version: 13


No. The contents of the Origin header are always set by the browser, and cannot be overridden.