Enforce Origin checks on authenticated state-changing requests
# We rely on "secure;HttpOnly" cookies to prevent cross-site GET requests, and use
# this Origin header checking to protect against cross-site POST and DELETE. Browsers
# will prevent XHR JSON requests by using a pre-flight check, but form POSTs definitely
# work and can be protected against this way.
# Relevant to isaacphysics/isaac-app#892
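The Origin check described in the commit message, written out as an added example; this is not the project's code. The function names, the `app.example.test` allow-list and the choice to reject requests with a missing or `null` Origin are assumptions of this sketch.

```python
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Hypothetical allow-list for this example; not taken from the project.
ALLOWED_ORIGINS = ["https://app.example.test"]


def normalise_origin(value):
    """Return (scheme, host, port) for an Origin value, or None if unusable."""
    if not value or value.strip().lower() == "null":
        return None  # absent header, or the opaque "null" origin
    try:
        parts = urlsplit(value.strip())
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            return None
        # A real Origin is scheme://host[:port] only: no path, query or userinfo.
        if parts.path or parts.query or parts.fragment or parts.username:
            return None
        port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
        return (scheme, parts.hostname, port)
    except ValueError:  # malformed port or bracketed host
        return None


def allow_request(method, headers, has_session_cookie, allowed=ALLOWED_ORIGINS):
    """Decide whether a request passes the Origin check."""
    # Only authenticated, state-changing requests are subject to the check.
    if method.upper() not in STATE_CHANGING or not has_session_cookie:
        return True
    lowered = {k.lower(): v for k, v in headers.items()}
    origin = normalise_origin(lowered.get("origin"))
    trusted = {normalise_origin(o) for o in allowed} - {None}
    # Assumption of this example: fail closed when Origin is missing or opaque.
    # Exact tuple comparison avoids suffix/prefix tricks on the host name.
    return origin is not None and origin in trusted
```

Comparing parsed (scheme, host, port) tuples rather than raw strings means `https://app.example.test:443` matches the allow-list entry while `https://app.example.test.evil.test` does not.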