
Except an attacker can strip a referer header: if you fail open like that, you leave yourself open to attack.

See http://blog.kotowicz.net/2011/10/stripping-referrer-for-fun-... for examples



In order to exploit this an attacker would need to be MITM on the network or on a subdomain by setting a wildcard cookie. The site would still keep the nonce check. I don't see any way around this without poking a tiny hole in the CSRF protection. Guess you gotta weigh the cost/benefit.
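An added example, not part of the thread: the trade-off the two comments above discuss, as a Referer check layered on a cookie/form nonce check that either fails open or fails closed when the header is absent. The origin `app.example.test`, the request dictionaries and all function names are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

TRUSTED_ORIGIN = ("https", "app.example.test")  # assumed site origin (placeholder)

def same_origin(referer):
    """True when the Referer's scheme and host match the trusted origin."""
    parts = urlsplit(referer)
    return (parts.scheme, parts.hostname) == TRUSTED_ORIGIN

def nonce_ok(req):
    """Nonce check: the cookie value must equal the submitted form value."""
    cookie, form = req.get("cookie_nonce", ""), req.get("form_nonce", "")
    return bool(cookie) and hmac.compare_digest(cookie, form)

def check_fail_open(req):
    """Missing Referer skips the origin check; only the nonce is left."""
    referer = req.get("referer")
    if referer is None:
        return nonce_ok(req)
    return same_origin(referer) and nonce_ok(req)

def check_fail_closed(req):
    """Missing or foreign Referer is rejected before the nonce is examined."""
    referer = req.get("referer")
    if not referer or not same_origin(referer):
        return False
    return nonce_ok(req)

# Constructed sample requests (hypothetical values, not captured traffic).
LEGIT = {"referer": "https://app.example.test/settings",
         "cookie_nonce": "n-1", "form_nonce": "n-1"}
# Cross-site POST where the nonce cookie was planted (e.g. wildcard cookie).
FORGED = {"referer": "https://other.example.test/page",
          "cookie_nonce": "planted", "form_nonce": "planted"}
# The same forged request with the Referer header stripped.
FORGED_STRIPPED = dict(FORGED, referer=None)
# A legitimate user whose client omits Referer entirely.
LEGIT_NO_REFERER = dict(LEGIT, referer=None)

def decisions(check):
    """Run one policy over the four samples and return the accept/reject list."""
    samples = (LEGIT, FORGED, FORGED_STRIPPED, LEGIT_NO_REFERER)
    return [check(r) for r in samples]

if __name__ == "__main__":
    print("fail-open  :", decisions(check_fail_open))
    print("fail-closed:", decisions(check_fail_closed))
```

The fail-open policy accepts the stripped forged request because only the planted nonce is left to check, while the fail-closed policy rejects it at the cost of also rejecting the legitimate client that sends no Referer.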



