gluon

nils/gluon

History

Matthias Schiffer a83466be6e gluon-web: prohibit cross-origin POST As gluon-web uses standard multipart/form-data requests, browsers don't enforce any cross-origin restrictions. To prevent malicious injection of POST requests into the config mode, match the Origin header against the Host header of the request.	2022-02-01 23:27:38 +01:00
..
lua/gluon/web	gluon-web: prohibit cross-origin POST	2022-02-01 23:27:38 +01:00

Matthias Schiffer a83466be6e gluon-web: prohibit cross-origin POST

As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.

2022-02-01 23:27:38 +01:00

lua/gluon/web

gluon-web: prohibit cross-origin POST

2022-02-01 23:27:38 +01:00