
Also, can't you just spoof the Origin header?


A CSRF is an attack against a logged in user, so has to be mediated via their browser.

If you can spoof the origin header of a second party when they navigate to a third party, a CSRF is a complete waste of whatever vulnerability you have found.


You can if you want to deliberately CSRF yourself for some reason - it's there to protect you, but spoofing it doesn't give you any special access you wouldn't otherwise have.

The point is that arbitrary users' browsers out in the world won't spoof the Origin header, which is protecting them from CSRF attacks.
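To make the point in the comments above concrete, here is an added example (not code from the thread or from any project mentioned in it) of a server-side Origin check for a state-changing request, together with three constructed requests: a cross-site form submission from the victim's browser, a request from the attacker's own client with a forged Origin, and a legitimate same-site submission. The site name `https://app.example`, the session cookie format and the session store are all assumptions made for the illustration.

```javascript
// Added example, not from the original thread. All names, origins and
// sample requests below are constructed for illustration.

// The one origin this (assumed) site accepts state-changing requests from.
const ALLOWED_ORIGINS = new Set(["https://app.example"]);

// Returns true if a state-changing request may proceed.
// Browsers attach Origin to cross-site POSTs and page script cannot change
// it, so a mismatch means the request was issued from another site.
function originAllowed(headers) {
  const origin = headers["origin"];
  if (origin !== undefined) {
    // "null" (opaque/sandboxed origins) is not in the allow-list and fails too.
    return ALLOWED_ORIGINS.has(origin);
  }
  // No Origin header at all: fall back to the Referer's origin, and reject
  // outright if neither header is present rather than guessing.
  const referer = headers["referer"];
  if (referer === undefined) return false;
  try {
    return ALLOWED_ORIGINS.has(new URL(referer).origin);
  } catch (e) {
    return false; // unparsable Referer
  }
}

// Constructed session store keyed by the `sid` cookie value.
const SESSIONS = { "s3cr3t-victim": "victim", "attacker-session": "attacker" };

// Resolve the logged-in user from the Cookie header, or null if none.
function sessionUser(headers) {
  const cookie = headers["cookie"] || "";
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookie);
  return m ? SESSIONS[m[1]] || null : null;
}

// Handler for an assumed POST /transfer: reports which account the action
// would run against, or why it was refused.
function handleTransfer(headers) {
  if (!originAllowed(headers)) return { ok: false, reason: "bad origin" };
  const user = sessionUser(headers);
  if (!user) return { ok: false, reason: "not logged in" };
  return { ok: true, actingAs: user };
}

// 1. CSRF attempt: the victim's browser auto-submits a form hosted on
//    evil.example. The browser attaches the victim's cookie AND sets Origin
//    to the attacker's site, so the check refuses it.
const csrfFromVictimBrowser = {
  origin: "https://evil.example",
  cookie: "sid=s3cr3t-victim",
};

// 2. "Spoofed" Origin: the attacker sends the request from their own tool
//    with Origin forged to app.example. The check passes, but the only
//    session they can present is their own, so they act only as themselves.
const spoofedFromAttackerClient = {
  origin: "https://app.example",
  cookie: "sid=attacker-session",
};

// 3. Legitimate same-site submission by the logged-in victim.
const legit = {
  origin: "https://app.example",
  cookie: "sid=s3cr3t-victim",
};

// Each call returns the decision for one request; see handleTransfer.
const decisions = {
  csrf: handleTransfer(csrfFromVictimBrowser),
  spoofed: handleTransfer(spoofedFromAttackerClient),
  legit: handleTransfer(legit),
};
```

The second case is the whole argument in the comments: forging Origin from your own client is trivial, but the check was never about keeping you out, it is about stopping a request that carries someone else's cookies from being accepted when it did not come from your site. The fallback to Referer and the rejection of requests with neither header are the two caveats a practitioner usually has to decide on explicitly.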



