Origin evil.com in Request Header

web-services google-chrome header same-origin-policy referer
Øystein Drabløs picture Øystein Drabløs · Dec 4, 2014 · Viewed 39.5k times · Source

I am trying to send form data to a webservice but below "Request Header" in the "Network" of the Chrome DOM I got the origin "evil.com" and referer "localhost:8080". 

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:nb-NO,nb;q=0.8,no;q=0.6,nn;q=0.4,en-US;q=0.2,en;q=0.2
Connection:keep-alive
Content-Length:91
Content-Type:application/x-www-form-urlencoded; charset=UTF-8;
Host:office.insoft.net:9091
Origin:http://evil.com/
Referer:http://localhost:8080/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2230.0 Safari/537.36

I want to change to another origin and "localhost:8080" would be the best origin.

How do I resolve that problem?

Answer

Joffrey Maheo picture Joffrey Maheo · Dec 9, 2014

The overwrite of the header origin is caused by Allow-Control-Allow-Origin: * chrome extension.

Link to the extension

Try disabling this extension in order to solve your problem.

Related questions

What is Service Worker Console? & Where is it in Chrome Browser?

I am working on push notifications and came upon an unfamiliar term: service worker console. I have read and used the term console log or web console in browser, but I am not familier with the term service worker console, …

Read More
SOAP vs REST (differences)

I have read articles about the differences between SOAP and REST as a web service communication protocol, but I think that the biggest advantages for REST over SOAP are: REST is more dynamic, no need to create and update UDDI(…

Read More
HTTP POST and GET using cURL in Linux

I have a server application written in ASP.NET on Windows that provides a web service. How can I call the web service in Linux with cURL?

Read More