Is there a way to check that which can't be faked by altering the browser or a j... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		krapp on Dec 11, 2013 \| parent \| context \| favorite \| on: Server-generated JavaScript responses Is there a way to check that which can't be faked by altering the browser or a js framework though? I was under the impression that trying to validate that was ultimately as fragile as checking the user-agent string...

dhh on Dec 11, 2013 [–]

It relies on a header, which can't be set through the attack vector, so it's all kosher.

homakov on Dec 11, 2013 | [–]

Since we are on the same page, could you help me in this discussion with nzkoz? https://github.com/rails/rails/issues/11509 we're talking about different things

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact