Y
Hacker News
new
|
ask
|
show
|
jobs
by
fimdomeio
3070 days ago
This is controlled on browser level and most (all?) browsers implement this. Origin can be faked by just using anything that can make a http request, like curl. It exists to protect users not the server.