Module origin 

CSRF and DNS rebinding origin validation.

Functions

build_loopback_origins

Build the set of allowed origins for a loopback bind address.

extract_authority_from_origin

Extract the authority (host:port) from an origin URL string.

is_loopback_addr

Returns true if the socket address is bound to a loopback interface (IPv4 127.0.0.0/8 or IPv6 ::1). Used to determine whether automatic localhost-only origin validation should be applied when allowed_origins is empty.

make_origin_rejection_response

Build a 403 Forbidden response with a JSON-RPC error body for origin rejection.

validate_origin

Validate the Origin header for CSRF and DNS rebinding protection.