Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
littlestymaar
34 days ago
|
parent
|
context
|
favorite
| on:
Email verification protocol
> User privacy is enhanced as the issuer does not learn which web application is making the request as the request is mediated by the browser.
How can you avoid revealing the application through the `Origin` header?
gruez
34 days ago
[–]
The request is sent by the browser, not the webapp itself (ie. using xhr or fetch) so it doesn't have headers like "Origin" added.
littlestymaar
34 days ago
|
parent
[–]
Ha! Thank you, I misunderstood who was behind this proposal but since it's W3C it's something that would directly be implemented by the browser itself.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
How can you avoid revealing the application through the `Origin` header?