How to handle situations when browser sets Origin Header to null?
This happens for example in situations of "redirects across origins" when I make ajax, which returns direct to different domain, and after that I get redirected from different domain to the original(and here browser sets header Origin to null).
In one answer AJAX call following 302 redirect sets origin to null someone offers to set
Access-Control-Allow-Origin: null
But this looks like bad hack and vulnerability hole.
Is there any better solution to this problem? thank you
