Hacker News
by
rocqua
1012 days ago
If your server reaches out to user-provided URLs, it can be a big deal. Especially with DNS rebinding, remote users can bind domains to 127.0.0.1, which avoids CORS-like protections.
1 comment
mholt
1011 days ago
We mitigate both DNS rebinding and cross-origin in the admin endpoint by verifying Host and Origin headers -- by default.
link
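A sketch of the Host and Origin verification described in the reply above, as an added example (not code from the thread or from the project under discussion). The allowlist, port 9000 and the function names are assumptions, and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical admin API bound to loopback port 9000.
ALLOWED_HOSTS = {"localhost:9000", "127.0.0.1:9000", "[::1]:9000"}


def check_admin_request(headers, allowed_hosts=ALLOWED_HOSTS):
    """Return (allowed, reason) for a dict of request headers."""
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}

    # Host: a rebound domain resolves to 127.0.0.1, but the browser still
    # sends the rebound name in Host, so an exact allowlist rejects it.
    host = hdrs.get("host", "").lower()
    if host not in allowed_hosts:
        return False, "host not allowed"

    # Origin: browsers attach it to cross-origin requests; command-line
    # clients normally omit it, so an absent Origin is accepted here.
    origin = hdrs.get("origin")
    if origin is None:
        return True, "ok"
    try:
        parts = urlsplit(origin)
    except ValueError:  # malformed value, e.g. an unterminated IPv6 literal
        return False, "origin not allowed"
    # "null" and other non-URL values have an empty scheme and fail here.
    if parts.scheme not in ("http", "https"):
        return False, "origin not allowed"
    if parts.netloc.lower() not in allowed_hosts:
        return False, "origin not allowed"
    return True, "ok"


# Constructed sample requests (header dicts only).
SAMPLES = {
    "local_cli": {"Host": "127.0.0.1:9000"},
    "same_origin_ui": {"Host": "localhost:9000",
                       "Origin": "http://localhost:9000"},
    "dns_rebinding": {"Host": "rebind.example:9000",
                      "Origin": "http://rebind.example:9000"},
    "cross_origin_page": {"Host": "localhost:9000",
                          "Origin": "https://other.example"},
    "sandboxed_frame": {"Host": "localhost:9000", "Origin": "null"},
}


def evaluate_samples():
    """Run the check over every constructed sample."""
    return {name: check_admin_request(h) for name, h in SAMPLES.items()}
```

The rebinding case fails on Host alone: the name resolves to loopback, but the header still carries the rebound domain.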