Hello, I was trying to find any information concerning CORS and HTTP headers spoofing. Couldn't find any relevant information though. So if I am able to set Origin header to some custom value, it means that there is no more secure communication between domains as I can pretend to be anyone?
Best regardsMargarita Podskrobkoa
