• 0

HTTP origin attribute - not appearing


Question

Hello,

 

I am trying to read the HTTP header Origin attribute from my web application in order to avoid some CSRF.

 

It seems the origin is not part of the request header (checked from chrome console).

 

Is the Origin only set in HTTPS? (as I have read that referer is not set in HTTPS)?

 

Is there any server support for this?

I am testing on an old jdeveloper OC4J server.

 

Any hint?

 

Should the same application deployed in weblogic have the Origin attribute in its header?

 

thanks in advance

Link to comment
https://www.neowin.net/forum/topic/1181021-http-origin-attribute-not-appearing/
Share on other sites

3 answers to this question

Recommended Posts

  • 0

Should work without https :/

Also it's not supported by all servers but most up to date apache servers should support it.

 

http://stackoverflow.com/questions/4566378/how-secure-http-origin-is/8087233#8087233

 

This might help you a bit?

 

And keep in mind: HTTP is a plain text protocol. The request header/body structure can be faked to anything you want. So using this on http is like using a lock on your backdoor and keeping your front door open...

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • - What's your salary? Is it more than $100k a year? - Nah, it's $100 mil a year.
    • Compared to my ear buds which are the size of a matchbox, cover a much broader frequency range, and work everywhere without setup? Yeah, still not buying this as a replacement.
    • Meta's Superintelligence team staffed by 50% Chinese talent, 40% ex-OpenAI by Hamid Ganji Mark Zuckerberg's latest big bet at Meta involves building a team of the best AI superstars in the market to lead the so-called Superintelligence Labs. The goal of this team is to develop AI models that will ultimately lead to Artificial General Intelligence (AGI). AGI refers to an AI model with capabilities comparable to, or even beyond, those of the human brain. Achieving human-level cognitive abilities with an AI model requires substantial investments, as well as hiring the best talent to build such a system. That's why Meta is throwing hundreds of millions of dollars at AI researchers from OpenAI, Apple, and other companies to recruit them for its Superintelligence team. A user on X has now shared a spreadsheet that provides us with some unique insights into Meta's Superintelligence team and the origins of its 44 employees. The leaker claims this information comes from an anonymous Meta employee. The listing claims that 50 percent of the staff at the Superintelligence team are from China, which demonstrates the significant role of Chinese or Chinese-origin researchers in Met's AI efforts. Additionally, 75 percent of these staff hold PhDs, and 70 percent of them work as researchers. Interestingly, 40 percent of the staff are ex-OpenAI employees whom Mark Zuckerberg poached from the maker of ChatGPT. Additionally, 20 percent of Meta's Superintelligence team members come from Google DeepMind, and another 15 percent come from Scale AI, a startup that Meta recently acquired in a $15 billion deal. Another interesting point is that 75 percent of the Superintelligence team are first-generation immigrants. The leaker claims that each of these employees is now earning between $10 million and $100 million per year, although Meta still needs to confirm these substantial figures. However, it has already been reported that Meta is offering up to $100 million in signup bonuses to poach the best AI talent from OpenAI and other rivals. The revelation that half of Meta's Superintelligence team consists of Chinese nationals could trigger concerns within the Trump administration and Congress.
    • From a quick Google it seems 6GHz is optional on 802.11be. Ubiquiti has one, Unifi U7 Lite.
    • Disagreed, I feel it’s going somewhere and his role served a purpose - and moreover with maybe what 10 mins of screen time - he had a bit of character development also.
  • Recent Achievements

    • First Post
      nobody9 earned a badge
      First Post
    • One Month Later
      Ricky Chan earned a badge
      One Month Later
    • First Post
      leoniDAM earned a badge
      First Post
    • Reacting Well
      Ian_ earned a badge
      Reacting Well
    • One Month Later
      Ian_ earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      505
    2. 2
      ATLien_0
      207
    3. 3
      Michael Scrip
      206
    4. 4
      Xenon
      139
    5. 5
      +FloatingFatMan
      114
  • Tell a friend

    Love Neowin? Tell a friend!