[Solved] How to prevent desktop apps from mimicking browser requests?
.. but any desktop can mimick this same request headers and access the API and I tested with postman and the API was accessed. This is true, some http client (e.g. curl) are able to alter the Origin headers when making a request to the server. Thus, CORS should not be your only security measure … Read more