0

Issue

In our ASP.NET MVC web application, when submitting a form or navigating within the app, the request's origin is sometimes null instead of the expected domain name.

Current Setup

The ASP.NET MVC web app includes middleware that checks the Origin header. If the origin is null, the request is denied to prevent cross-domain requests. The middleware compares the Origin header with the Host header in the request to ensure they match.

Problem

Occasionally, the Origin header is null, causing the app to deny requests, even though they are originating from the same domain.

Required Solution

We need a solution to handle cases where the Origin header is null, while ensuring security and avoiding the denial of legitimate requests from the same origin.

Improve this question
1
Related questions
519
CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
286
Set cookies for cross origin requests
172
CORS: credentials mode is 'include'
Load 6 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.