//nefariousplan

Host Header As Self

A server validates signed inbound messages against its own URL and derives that URL from client-supplied request headers. The signed 'intended for X' check becomes 'intended for whatever the client claims X is.'
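The pattern and its fix side by side, as an added example that is not code from the original page. The HMAC stands in for whatever signature scheme the sender uses, and every name, key, header choice and URL below is constructed for illustration.

```python
import hashlib
import hmac
import json

# All names, keys and URLs here are constructed for illustration.
SIGNING_KEY = b"constructed-demo-key"  # stand-in for the sender's signing key
CONFIGURED_SELF_URL = "https://api.example.test/inbox"  # set at deploy time


def sign(message: dict) -> str:
    body = json.dumps(message, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def signature_ok(message: dict, signature: str) -> bool:
    return hmac.compare_digest(sign(message), signature)


def self_url_from_headers(headers: dict, path: str) -> str:
    # The pattern: "self" is rebuilt from values the client controls.
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    scheme = headers.get("X-Forwarded-Proto", "https")
    return f"{scheme}://{host}{path}"


def accept_header_derived(message, signature, headers, path) -> bool:
    # Signature is genuine, but the recipient check compares against request input.
    return (signature_ok(message, signature)
            and message.get("destination") == self_url_from_headers(headers, path))


def accept_configured(message, signature, headers, path) -> bool:
    # Hardened: recipient is a deploy-time constant; request headers play no part.
    return (signature_ok(message, signature)
            and message.get("destination") == CONFIGURED_SELF_URL)


def demo() -> dict:
    # Constructed message, validly signed, but addressed to a different service.
    msg = {"destination": "https://other.example.test/inbox", "action": "ping"}
    sig = sign(msg)
    headers = {"Host": "other.example.test"}  # request claims that identity
    return {
        "header_derived": accept_header_derived(msg, sig, headers, "/inbox"),
        "configured": accept_configured(msg, sig, headers, "/inbox"),
    }


if __name__ == "__main__":
    print(demo())
```

A service reachable under several legitimate names can compare against a fixed allowlist of its own URLs instead of a single constant; the point is that the list comes from configuration, not from the request.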