Description
Inspects whether the application checks that the value of the “Origin” HTTP header is consistent with the remote IP address/Host of the sender of the incoming HTTP request. Configurable parameters are:
- origin_header_value
Note: This plugin is useful for testing “Cross Origin Resource Sharing (CORS)” application behaviors. CORS references: http://developer.mozilla.org/en-US/docs/HTTP_access_control and http://www.w3.org/TR/cors
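The following is an added example, not the plugin's own code: one way to interpret the CORS response headers an application returns when a request carries an untrusted Origin such as the default origin_header_value. The function names, finding labels and sample responses are constructed for illustration.

```python
# Added example; not taken from the w3af plugin source.
# Default origin_header_value from the plugin's options table.
PROBE_ORIGIN = "http://w3af.sourceforge.net/"

def _norm(origin):
    # Compare origins case-insensitively and ignore a trailing slash.
    return origin.strip().lower().rstrip("/")

def classify_cors(sent_origin, response_headers):
    """Label how one response treated the Origin value that was sent."""
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = headers.get("access-control-allow-origin")
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "no-cors-headers"  # no cross-origin read access is granted
    if acao == "*":
        return "wildcard-with-credentials" if creds else "wildcard"
    if acao.lower() == "null":
        return "null-origin-allowed"
    if _norm(acao) == _norm(sent_origin):
        # The untrusted probe value was echoed back as an allowed origin.
        return "reflected-with-credentials" if creds else "reflected"
    return "different-origin"  # server named an origin other than the probe

# Constructed sample responses (hypothetical application behaviours).
SAMPLES = {
    "strict": {"Access-Control-Allow-Origin": "https://app.example.com"},
    "echo": {"access-control-allow-origin": "http://w3af.sourceforge.net",
             "Access-Control-Allow-Credentials": "true"},
    "open": {"Access-Control-Allow-Origin": "*"},
    "none": {"Content-Type": "text/html"},
}

def audit(samples, sent_origin=PROBE_ORIGIN):
    """Classify every sample response against the probe origin."""
    return {name: classify_cors(sent_origin, hdrs)
            for name, hdrs in samples.items()}

if __name__ == "__main__":
    for name, finding in audit(SAMPLES).items():
        print(f"{name}: {finding}")
```

A "reflected-with-credentials" result is the one to fix first: the application should compare the Origin against an explicit allowlist before echoing it.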
Plugin type
Options
Name | Type | Default Value | Description | Help |
origin_header_value | string | http://w3af.sourceforge.net/ | Origin HTTP header value | Defines the value of the ‘Origin’ HTTP header in the HTTP requests sent to test application behavior |
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.