Home > Net >  Is it possible to fake the domain of the request came from?
Is it possible to fake the domain of the request came from?

Time:12-03

There website that allow to restrict their API usage for certain domains - so they will receive and respect only requests coming from those domains.

How do they check the sender domain? Can it be faked?

CodePudding user response:

They can check the sender domain by validating the sender domain PubKey certificate attached to the sender HTTPS request, which should be signed by a CA to certify the sender domain. This should work based on the SSL-based encrypted network data traffic.

CodePudding user response:

Another way to do it is to support TLS Mutual authentication at the server in which case the client will have to authenticate itself by presenting the appropriate TLS Client certificate which is issued to it by a mutually trusted certification authority.

Page link:https//www.codepudding.com/net/213549.html

Prev:How to get products data from woocommerce and place it in a custom theme?
Next:JavaScript Array.filter() and .map() don't work, uncaught TypeError for Search function
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding