Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removed the default 'http://evil.com' Origin override in the request. #53

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Removed the default 'http://evil.com' Origin override in the request. #53

wants to merge 1 commit into from

Conversation

ENuge
Copy link

@ENuge ENuge commented Oct 13, 2018
edited
Loading

Re #45 .

At my work, we use the Origin header to try and guess whether a full request/response is occurring over https or not. More generally, I think it's common to log non-sensitive headers for threat monitoring/analytics etc. For anyone not familiar with this extension, a large number of incoming requests from 'evil.com' can be very alarming!

That said, I left the ability as a comment with how to enable - if people want to change the request origin, they should feel free to. But I don't think that should be happening for devs unknowingly. :)

@vitvad , there hasn't been much activity in this repo lately but I'd love if you could merge this in and get an update into the extension store (my understanding is existing users should get autoupdated?). Let me know if there's anything you'd need from me to make that easier. 🍻

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ENuge