Skip to content
Snippets Groups Projects
Commit a83466be authored by Matthias Schiffer's avatar Matthias Schiffer
Browse files

gluon-web: prohibit cross-origin POST 

As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.
parent f3960eeb
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Impressum - Datenschutz