Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
pavelkunyavskiy2018-02-06 16:28:43
HTTP headers
pavelkunyavskiy, 2018-02-06 16:28:43

Is it possible to fake the Origin and Refer headers?

Is it possible?
For example, from specialized software like Postman.
Here, for example, I made a check on the NodeJS server side

if (!req.headers.origin || !req.headers.referer) {
    res.cookie('message', 'fuck you, hacker', {maxAge: 600000, httpOnly: true})
    res.send('fuck you, hacker')
    console.log('fuck you, hacker')
  }

But does it make sense if the title can be faked?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
I
InoMono, 2018-02-06
@InoMono

Of course, you can fake any headers in the web client.
But why?

Similar questions
S
shik02021-10-11 00:10:59
Is it possible to set up Last-Modified in yii2? 1Reply
S
sergey199408082018-07-20 08:52:14
HTTP, what happens when content-type is not specified in headers? 1Reply
A
Alexander Tishchenko2021-10-29 00:23:15
Why is the server refusing to accept when sending data with a POST request (Axios)? 1Reply
A
airbor2021-12-17 19:39:33
Why are these security headers needed? 1Reply
U
user72020-09-23 18:28:51
How to see post requests? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question