Cross Origin Protection

Cross origin protection is an extension of CSRF protection. While the csrf_protection flag ensures that the user making the request is the same user that we have authenticated, cross origin protection ensures that requests are coming from a trusted and expected source.

When Cross Origin Protection is enabled, each request sent to Jarvis will have the referral source or origin verified against the HTTP Host or configured session domain. If these do not match, the request will be rejected and the client will receive an unauthorized request exception.

Note: This can complicate usage of Jarvis-based APIs by non-browser applications, as clients must provide appropriate headers to Jarvis to meet the cross origin protection requirements.
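
The check described above can be sketched as follows. This is an added example, not Jarvis's own code: the function names, the lower-cased header dictionary, the use of the Origin header with Referer as fallback, the hostname-only comparison (ports ignored) and the rule that a configured session domain takes precedence over Host are all assumptions made for illustration.

```python
from urllib.parse import urlsplit


def _hostname(url):
    """Lower-cased hostname of a URL, or None if it cannot be parsed."""
    try:
        return urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None


def source_host(headers):
    """Hostname the request claims to come from (Origin first, then Referer)."""
    value = (headers.get("origin") or headers.get("referer") or "").strip()
    # Rejects missing headers, the opaque "null" origin and non-HTTP schemes.
    if not value.lower().startswith(("http://", "https://")):
        return None
    return _hostname(value)


def domain_matches(host, domain):
    """True if host is the domain itself or a subdomain of it.

    The "." boundary matters: a bare suffix test would accept
    "evilexample.com" for the domain "example.com".
    """
    domain = domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def request_allowed(headers, session_domain=None):
    """Decide whether a request passes the cross origin check.

    headers: dict with lower-cased header names (assumption).
    session_domain: hypothetical stand-in for the configured session domain.
    """
    src = source_host(headers)
    if src is None:
        return False  # no usable Origin/Referer: typical non-browser client
    if session_domain:
        return domain_matches(src, session_domain)
    return src == _hostname("//" + headers.get("host", ""))
```

A non-browser client that sends neither header is rejected here, which is the situation the note above describes.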