1

I'm trying to get a handle on how reliably secure credentialed XHR2 requests are.

Specifically, can I be sure the request came from a browser runtime environment, rather than a bot (i.e. server-side program), or could the latter fake the request?

Mitya

1 Answer

3

There is never any way to tell (with anything approaching certainty) what type of client made an HTTP request.

The point of using credentials is that only users you trust have them. So you trust the user making the request rather than the software they are using.

Quentin
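To illustrate the answer above, here is an added example (not part of the original post) of what a server can actually inspect: a request head made of bytes the client chose. The host name, session id, and function names are assumptions constructed for the example. The header-based "browser" check passes for every request, so only the credential lookup decides anything.

```javascript
// Added example; every name and value here is constructed for illustration.
// Server-side session store: the only state the server itself controls.
const SESSIONS = new Map([["s3ss10n-constructed", { user: "alice" }]]);

// Parse a raw HTTP/1.1 request head into { method, path, headers }.
function parseRequest(raw) {
  const [requestLine, ...lines] = raw.split("\r\n");
  const [method, path] = requestLine.split(" ");
  const headers = {};
  for (const line of lines) {
    if (line === "") break; // blank line ends the header block
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
  }
  return { method, path, headers };
}

// Heuristic "is this a browser?" check. It reads only client-supplied
// headers, so any program that writes the same bytes passes it.
function looksLikeBrowser(req) {
  const h = req.headers;
  return /Mozilla\//.test(h["user-agent"] || "") &&
    h["x-requested-with"] === "XMLHttpRequest" &&
    h["origin"] === "https://app.example";
}

// Authentication: resolve the session cookie to a user, ignore the rest.
function authenticate(req) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers["cookie"] || "");
  return m && SESSIONS.has(m[1]) ? SESSIONS.get(m[1]).user : null;
}

// Request head as a credentialed XHR would send it. Nothing in these
// bytes records which kind of program produced them.
const head = (sid) => [
  "POST /api/profile HTTP/1.1",
  "Host: app.example",
  "User-Agent: Mozilla/5.0 (X11; Linux x86_64)",
  "Origin: https://app.example",
  "X-Requested-With: XMLHttpRequest",
  ...(sid ? ["Cookie: sid=" + sid] : []),
  "", ""].join("\r\n");

const withSession = parseRequest(head("s3ss10n-constructed"));
const unknownSession = parseRequest(head("not-a-real-session"));
const noCredential = parseRequest(head(null));
```
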