Score:2

Is "access-control-allow-origin" a secure way to restrict communication between two servers?


I have two servers, A and B. I want server B to only accept HTTP requests from server A. Is "access-control-allow-origin" a secure way to implement that?

Score:6

No.

HTTP headers are sent from server to client, or client to server. It's fine for protecting a cooperating client against attacks on the client, but it's not fine for protecting the server against anything. Any client is free to ignore it if it so desires; there's nothing the server can do to enforce it.

Implement real authentication, such as TLS client certificates, bearer tokens or a similar scheme.
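The difference described in the answer above, as an added example that is not part of the original post: one handler for server B only sets `Access-Control-Allow-Origin`, the other checks a bearer token before serving anything. The origin `https://a.example`, the token provisioning and all handler and function names are assumptions made for illustration; in production the token would travel over TLS.

```python
import hmac
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

SERVER_A_ORIGIN = "https://a.example"   # assumed origin of server A
API_TOKEN = secrets.token_urlsafe(32)   # assumed: provisioned out of band to server A only


class CorsOnlyHandler(BaseHTTPRequestHandler):
    """Server B relying on Access-Control-Allow-Origin alone."""
    def authorized(self):
        return True  # the response header below is advice to browsers, not a check

    def do_GET(self):
        ok = self.authorized()
        body = b"data" if ok else b"unauthorized"
        self.send_response(200 if ok else 401)
        self.send_header("Access-Control-Allow-Origin", SERVER_A_ORIGIN)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the example quiet


class BearerHandler(CorsOnlyHandler):
    """Server B that authenticates the caller before answering."""
    def authorized(self):
        supplied = self.headers.get("Authorization", "")
        # Constant-time comparison against the expected header value.
        return hmac.compare_digest(supplied.encode(), ("Bearer " + API_TOKEN).encode())


def fetch_status(handler_cls, headers=None):
    """Serve handler_cls on a loopback port, send one GET, return the HTTP status."""
    server = HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = request.build_opener(request.ProxyHandler({}))  # ignore proxy env vars
    req = request.Request(f"http://127.0.0.1:{server.server_port}/", headers=headers or {})
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except error.HTTPError as err:
        return err.code
    finally:
        server.shutdown()
        server.server_close()
```

The CORS-only handler returns 200 to a client that is not a browser, whatever `Origin` it sends; the bearer handler returns 401 unless the request carries the token.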
