Jakub Neukirch
09/07/2021, 5:32 PMcall.request.origin.host
returns localhost
and after some reconfiguration of nginx it returns <http://backend.domain.com|backend.domain.com>
instead of <http://frontend.domain.com|frontend.domain.com>
. Setting up CORS for all endpoints with host("<http://frontend.domain.com|frontend.domain.com>")
works properly, allows only frontend domain, and blocks all otherJakub Neukirch
09/07/2021, 5:45 PMReferer
header has proper address <http://frontend.domain.com|frontend.domain.com>
- is it safe to use it to block using my backend on some origins?Holger Steinhauer [Mod]
09/07/2021, 7:21 PMJakub Neukirch
09/07/2021, 7:23 PMJakub Neukirch
09/07/2021, 7:24 PMHolger Steinhauer [Mod]
09/07/2021, 7:44 PMHolger Steinhauer [Mod]
09/07/2021, 7:45 PMJakub Neukirch
09/07/2021, 7:45 PMHolger Steinhauer [Mod]
09/07/2021, 7:46 PMJakub Neukirch
09/07/2021, 7:46 PMHolger Steinhauer [Mod]
09/07/2021, 7:46 PMHolger Steinhauer [Mod]
09/07/2021, 7:46 PMJakub Neukirch
09/07/2021, 7:47 PMJakub Neukirch
09/08/2021, 12:37 PMJakub Neukirch
09/08/2021, 12:38 PMHolger Steinhauer [Mod]
09/08/2021, 6:51 PMHolger Steinhauer [Mod]
09/08/2021, 6:51 PMHolger Steinhauer [Mod]
09/08/2021, 6:52 PMHolger Steinhauer [Mod]
09/08/2021, 6:52 PMHolger Steinhauer [Mod]
09/08/2021, 6:54 PM