Hi! I would like to know if there is a way to activate Basic Auth but in a way to lock requests from other domains, and only accept if it's from the same domain. It would work as a SameSite attribute in a cookie, but in this case for the basic auth. A SameSite cookie is done at the browser side, so it would be more to block if it came from another domain (for basic auth).
This is about the following case:
https://security.stackexchange.com/questions/234341/http-basic-auth-and-csrf/234346
I would like to know if there is a way to block requests at the nginx side, if the request is not from the same origin (actually, it doesn't need to be for basic authentication, it could be a more general approach). Nginx should accept the requests only in this case. Is there any way to do this?
Thanks in advance!
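Added example, not part of the original post: one way to express a same-origin check in nginx is to inspect the browser-supplied `Sec-Fetch-Site` and `Origin` request headers before Basic Auth is evaluated. The hostname `example.com`, the realm string and the `.htpasswd` path are assumptions. Both headers are set by the browser, so this only constrains requests that a browser makes on behalf of another site.

```nginx
# Goes in the http {} context. All names below are illustrative.

# Sec-Fetch-Site is sent by current browsers on every request.
map $http_sec_fetch_site $fetch_site_blocked {
    default       1;   # cross-site, same-site, or any unexpected value
    ""            0;   # header absent: older browsers, non-browser clients
    same-origin   0;
    none          0;   # user-initiated navigation (typed URL, bookmark)
}

# Origin is sent on CORS requests and on non-GET/HEAD requests.
map $http_origin $origin_blocked {
    default                1;   # any Origin other than our own
    ""                     0;   # header absent
    https://example.com    0;   # assumption: the site's own origin
}

# Reject unless both checks pass.
map "$fetch_site_blocked$origin_blocked" $reject_request {
    default   1;
    "00"      0;
}

server {
    listen 443 ssl;
    server_name example.com;          # assumption
    # ssl_certificate / ssl_certificate_key omitted

    # Evaluated in the rewrite phase, i.e. before auth_basic runs,
    # so a cross-origin request is refused without a credential check.
    if ($reject_request) {
        return 403;
    }

    location / {
        auth_basic           "Restricted";          # assumption
        auth_basic_user_file /etc/nginx/.htpasswd;  # assumption
    }
}
```

As written, links from other sites into this one also receive a 403, which is comparable to `SameSite=Strict` behaviour; clients that send neither header are not restricted by this check.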