Yes, I understand how origin verification is done. Nothing stops any other local app from making a WS connection to this app's server and pretending it is making valid requests while, potentially, executing destructive actions or stealing data.
I understand that the generic answer will be along the lines: "well, if you have local access, you're never safe", but there is zero protection here. Anything local can connect to it and impersonate the "front end".
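The limitation described in the comment above, as an added example (not code from the original post or from the app under discussion): a handshake check in which a request built by a non-browser local process copies the expected `Origin` value and passes an Origin-only check. It also shows one possible extra check, a per-launch token in the query string. The origin value, port, `token` parameter and all function names are assumptions, and the token only helps if other local processes cannot read it.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

ALLOWED_ORIGIN = "http://localhost:3000"    # constructed value (assumption)
SESSION_TOKEN = secrets.token_urlsafe(32)   # hypothetical per-launch secret

def parse_handshake(raw: bytes):
    """Split a WebSocket upgrade request into (request target, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers

def origin_ok(headers) -> bool:
    # Origin is a client-supplied header. Browsers fill it in truthfully;
    # any other local program can send whatever value it likes.
    return headers.get("origin") == ALLOWED_ORIGIN

def token_ok(target: str) -> bool:
    # Constant-time comparison of the token carried in the request target.
    supplied = parse_qs(urlsplit(target).query).get("token", [""])[0]
    return hmac.compare_digest(supplied.encode(), SESSION_TOKEN.encode())

def accept(raw: bytes, require_token: bool) -> bool:
    """Decide whether to complete the upgrade for this handshake."""
    target, headers = parse_handshake(raw)
    if not origin_ok(headers):
        return False
    return token_ok(target) if require_token else True

def build_request(target: str, origin: str) -> bytes:
    """Build a constructed upgrade request for the demonstration."""
    return (f"GET {target} HTTP/1.1\r\nHost: localhost:8080\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Origin: {origin}\r\nSec-WebSocket-Version: 13\r\n"
            "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n\r\n").encode()

# Constructed samples: a non-browser process that copies the Origin value,
# and the real front end, which was handed the token at launch.
LOCAL_APP = build_request("/ws", ALLOWED_ORIGIN)
FRONT_END = build_request(f"/ws?token={SESSION_TOKEN}", ALLOWED_ORIGIN)

if __name__ == "__main__":
    print("origin-only, local app :", accept(LOCAL_APP, require_token=False))
    print("origin+token, local app:", accept(LOCAL_APP, require_token=True))
    print("origin+token, front end:", accept(FRONT_END, require_token=True))
```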