On Tue, 12 Feb 2008 21:54:25 -0000, Philip Taylor <[EMAIL PROTECTED]> wrote:

It's quite a different situation when the Referer is used as a security measure in deciding to trust a user's request, where false negatives can have significant consequences (like editing data via cross-site request forgery). That is the situation where <a ping> mustn't introduce new risks.

I looked for some examples of code that checks the Referer for security, and found:
[...]

That's interesting. In that case the attack outlined on Mozilla's list is even less likely to succeed than I thought. So maybe a "less abusive" approach would suffice:

* if ping is cross-domain, always send Referer
* if ping originates from the same domain, don't send any Referer at all

--
regards, Kornel Lesiński
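The two-rule policy proposed above, worked through as an added example (this is not code from the thread or from any browser; the `origin()` comparison by scheme, host and port is my assumption for what "same domain" means here, and `referer_check_allows` is a hypothetical stand-in for the kind of fail-closed Referer check Philip found on real sites):

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Reduce a URL to (scheme, host, port); assumed meaning of 'same domain'."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    port = p.port or DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def ping_referer(document_url, ping_url):
    """Proposed <a ping> policy: Referer only when the ping is cross-domain.

    Returns the Referer value to send, or None to send no Referer at all.
    """
    if origin(document_url) == origin(ping_url):
        return None           # same domain: suppress Referer entirely
    return document_url       # cross-domain: always send it


def referer_check_allows(endpoint_url, referer):
    """Hypothetical server-side check of the kind used as a CSRF defence:
    reject when Referer is absent (fail closed) or from a foreign origin."""
    if referer is None:
        return False
    return origin(referer) == origin(endpoint_url)


def ping_passes_referer_check(document_url, ping_url):
    """Would a ping fired from document_url at ping_url satisfy the check?"""
    return referer_check_allows(ping_url, ping_referer(document_url, ping_url))


if __name__ == "__main__":
    # Constructed sample URLs; no real sites involved.
    same = ("https://example.org/article", "https://example.org/wiki/edit?id=1")
    cross = ("https://other.example/lure", "https://example.org/wiki/edit?id=1")
    print("same-domain ping Referer:", ping_referer(*same))       # None
    print("cross-domain ping Referer:", ping_referer(*cross))     # other.example page
    print("same-domain ping accepted:", ping_passes_referer_check(*same))
    print("cross-domain ping accepted:", ping_passes_referer_check(*cross))
```

Under this policy a same-domain ping carries no Referer and is refused by a fail-closed check, while a cross-domain ping carries a foreign Referer and is refused as foreign; neither case lets a ping satisfy a Referer-based check at the target, which is why the "less abusive" rule does not weaken such checks.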
