Origin-based security

When a request is sent from a browser, HTTP RPC API follows the Origin-based security model (opens new window), and expects the Origin HTTP header to be present. The API will return HTTP Error 403 when Origin is missing, does not match the API port, or is not safelisted via API.HTTPHeaders.Access-Control-Allow-Origin in the config.

PreviousHTTP status codesNextRPC commands

Last updated