Is it worth verifying the request hostname in API-to-API communications?
When authenticating from a browser application to an API layer, you can verify the request origin for CORS requests. I’m aware that this is primarily to prevent CSRF attacks. It doesn’t prevent an attacker from accessing the … Continue reading Is it worth verifying the request hostname in API-to-API communications?