David Bohannon
Results: 2 comments of David Bohannon
If you don't wish to throw an error then I would suggest leaving the ACAO header as the wildcard * rather than reflecting the origin. A compliant browser will refuse...
What's the current status with respect to hardening this package for use in production environments? I don't see any instances where remote code execution is possible. It looks like all...