a83466be6e
As gluon-web uses standard multipart/form-data requests, browsers don't enforce any cross-origin restrictions. To prevent malicious injection of POST requests into the config mode, match the Origin header against the Host header of the request. |
||
---|---|---|
.. | ||
usr/lib/lua/gluon/web |