Skip to content
Snippets Groups Projects
Commit 1837b1e2 authored by Matthias Schiffer's avatar Matthias Schiffer
Browse files

gluon-web: prohibit cross-origin POST 

As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.

(cherry picked from commit a83466be)
parent f4ae80e7
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Impressum - Datenschutz