Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bypass Crumb Validation when CORS enabled and request comes from different origin #24

Closed
stongo opened this issue Aug 28, 2014 · 2 comments
Closed

Bypass Crumb Validation when CORS enabled and request comes from different origin #24

stongo opened this issue Aug 28, 2014 · 2 comments
Assignees
@stongo
Labels
feature New functionality or improvement

Comments

@stongo
Copy link
Contributor

stongo commented Aug 28, 2014

Add an Origin check. If the origin doesn't match the server name and CORS is enabled, crumb validation should be bypassed. This should handle instances when CORS is enabled, but same origin calls are still made to the server.
@stongo stongo self-assigned this Aug 28, 2014
@stongo stongo mentioned this issue Aug 28, 2014
Closed
@stongo
Copy link
Contributor Author

stongo commented Aug 29, 2014

Maybe this is not best practice after all. See issue referenced above for more information. Needs review.

@stongo stongo closed this as completed Sep 3, 2014
@lock
Copy link

lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@stongo stongo

Labels
feature New functionality or improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stongo