Category : http-headers

I built a PHP API with the following header: header("Access-Control-Allow-Origin: https://my-domain.de"); With that, I can access the API only from https://my-domain.de but not from https://www.my-domain.de. I get: Origin https://www.my-domain.de is not allowed by Access-Control-Allow-Origin. [Error] XMLHttpRequest cannot load https://my-domain.de/checkin/api/generateUser.php due to access control checks. How can I make this work for both: www and without ..


I am trying to apply security headers to a particular file on my server, and I am using this configuration in nginx.conf for it.

    location /test.php {
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Frame-Options SAMEORIGIN always;
        add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
        add_header X-Content-Type-Options nosniff always;
        add_header Referrer-Policy strict-origin-when-cross-origin always;
        add_header Content-Security-Policy "your-policy-here" always;
    }

..


I tried to define HTTP_REFERER in Android WebView by overriding shouldOverrideUrlLoading for A.php as such:

    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        // click link
        Map<String, String> headers = new HashMap<>();
        headers.put("Referer", my_referer); // for php $_SERVER['HTTP_REFERER']
        view.loadUrl(url, headers);
        return true;
    }

There is a link in A.php that links to B.php. I can ..
