+17
−4
Loading
The service replies with the message in the request. This can be used as an attack vector as the reply is determined by the request and is coming from a shore.co.il domain. So the following precautions are taken: - Limit the request length to limit the usefulness of the response. - Set the response MIME type to plain text and set the `X-Content-Type-Options` header to `nosniff` so the browser won't guess the content type. - Set the `X-Frame-Options` header to `DENY` so it won't be used as an iframe. - Set CORS headers.