
Rejecting Rogue Cross Origin Request - Secure Demo

rejectCOR.php, located at www.andlabs.net, is supposed to be accessible only from www.andlabs.org.
So when a request comes from any website other than www.andlabs.org, the request is not processed.
This prevents abuse of server resources due to unintended Cross Origin Requests.

PHP Source of http://www.andlabs.net/html5/rejectCOR.php:

            
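<?php
    // Process the request only when the browser reports the trusted origin.
    // isset() avoids an undefined-index notice when no Origin header is sent.
    if (isset($_SERVER['HTTP_ORIGIN']) && $_SERVER['HTTP_ORIGIN'] === "http://www.andlabs.org")
    {
        // Headers must be sent before any output.
        header('Access-Control-Allow-Origin: http://www.andlabs.org');
        echo date('l jS \of F Y h:i:s A');
    }
    else
    {
        // Any other origin, or none: return a blank response.
        exit();
    }
?>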
        

Demo

To make a request to this page from www.andlabs.org and view the response, click here.

Try making the same request from some other domain and capture the response in a proxy. The response would be blank.
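The same origin check written as a small allow-list function, as an added example that is not the demo's own source: it compares the full Origin value exactly, adds `Vary: Origin`, and can be run from the command line against constructed Origin values. The names `ALLOWED_ORIGINS`, `corsDecision` and `handleRequest` are hypothetical, and answering rejected requests with 403 instead of a blank response is this example's choice.

```php
<?php
// Added example: hypothetical helper names; the allow-list holds the one origin the page trusts.
const ALLOWED_ORIGINS = ['http://www.andlabs.org'];

/**
 * Decide how to answer a request from its Origin header value (null when absent).
 * Returns [HTTP status, response headers]; nothing is sent here.
 */
function corsDecision(?string $origin): array
{
    // Exact, case-sensitive match of the full serialized origin (scheme://host[:port]).
    // Substring or prefix tests would also accept look-alike hosts.
    if ($origin !== null && in_array($origin, ALLOWED_ORIGINS, true)) {
        return [200, [
            'Access-Control-Allow-Origin: ' . $origin,
            'Vary: Origin',   // keep caches from reusing this response for another origin
        ]];
    }
    return [403, ['Vary: Origin']];
}

function handleRequest(array $server): string
{
    [$status, $headers] = corsDecision($server['HTTP_ORIGIN'] ?? null);
    http_response_code($status);
    foreach ($headers as $h) {
        header($h);               // all headers go out before any body output
    }
    // Do the work only for the trusted origin; rejected requests get an empty body.
    return $status === 200 ? date('l jS \of F Y h:i:s A') : '';
}

if (PHP_SAPI === 'cli') {
    // Constructed Origin values to exercise the check from the command line.
    $samples = [
        'http://www.andlabs.org',
        'https://www.andlabs.org',          // different scheme
        'http://www.andlabs.org.example',   // look-alike suffix
        'http://www.andlabs.org:8080',      // different port
        null,                               // header absent
    ];
    foreach ($samples as $origin) {
        [$status] = corsDecision($origin);
        printf("%-34s => %d\n", $origin ?? '(no Origin header)', $status);
    }
} else {
    echo handleRequest($_SERVER);
}
```

The Origin header is set by the browser, so this check gates browser-initiated cross-origin requests only; a non-browser client can send any Origin value, which means the check does not replace authentication.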

Based on the COR examples from Mozilla and Arun Ranga