Using vendor custom Accept Header supplements your HTTP endpoints security configuration by restricting an attacker to send text/txt or bytes converted to text as the expected mime type application/json on CSRF. But, it does not guarantee a full protection against XSS attack. Use CRSF, CORS, CORS Policy, CSP, Custom Header, Custom header with salt, multiple round on Base64 + salt, HTTPS, HST and more to protect your resource endpoint. #webdevelopment #softwaredevelopment #bugbounty
Josue Kula
コメント