Hacker News new | ask | show | jobs
by krapp 4567 days ago
Is there a way to check that which can't be faked by altering the browser or a js framework though?

I was under the impression that trying to validate that was ultimately as fragile as checking the user-agent string...
1 comments
dhh 4567 days ago
It relies on a header, which can't be set through the attack vector, so it's all kosher.
link
homakov 4567 days ago
Since we are on the same page, could you help me in this discussion with nzkoz? https://github.com/rails/rails/issues/11509 we're talking about different things
link