1837b1e2b3
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.
(cherry picked from commit
|
||
---|---|---|
.. | ||
lib/lua/gluon/web |