
...

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Checking_The_Referer_Header

Referer header example: Referer: http://demoauthor45.magnolia-cms.com/.magnolia/trees/website.html?mgnlCK=1404726339576

...

  • For example, if the victim's domain is "site.com", an attacker can have the CSRF exploit originate from "site.com.attacker.com", which fools a broken referer check that only tests whether the header contains or starts with the expected domain instead of comparing the parsed host exactly. XSS on the victim's domain can also be used to bypass a referer check, because a request forged from an injected script genuinely originates from "site.com".

Support existing installation: WhiteList? Special Code? Tokens??!?

Should it be possible to configure a whitelist of additional referrers? Some integrations might want to make direct requests from external servers. Would allowing that introduce too great a vulnerability?
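As an added illustration (not Magnolia's code), the following puts the substring-style check that the "site.com.attacker.com" bullet warns about next to a hardened check: it prefers the Origin header, otherwise parses the Referer as a URL and compares the host exactly, supports a configurable allowlist of extra hosts (the whitelist question above), and rejects the request when neither header is present, since the Referer is dropped after a meta refresh or on an HTTPS-to-HTTP navigation. The site host is the one from the Referer example above; "attacker.com", "integration.example.com" and the sample requests are constructed for the example.

```python
from typing import Dict, FrozenSet, Optional
from urllib.parse import urlsplit

# Host of the Magnolia author instance, taken from the Referer example above.
SITE_HOST = "demoauthor45.magnolia-cms.com"

# Hypothetical allowlist of extra hosts an integration may send requests from
# (the "whitelist of additional referrers" question); the name is assumed.
ALLOWED_REFERRER_HOSTS: FrozenSet[str] = frozenset({"integration.example.com"})


def broken_referer_check(headers: Dict[str, str], site_host: str = SITE_HOST) -> bool:
    """The naive check: a substring test on the raw header string.

    "http://demoauthor45.magnolia-cms.com.attacker.com/" contains the expected
    host, so it passes; so does "http://demoauthor45.magnolia-cms.com@attacker.com/".
    """
    return site_host in headers.get("Referer", "")


def _host_of(url: str) -> Optional[str]:
    """Lower-cased host of an absolute http(s) URL, or None if unparseable."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal in the netloc
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def hardened_referer_check(headers: Dict[str, str], site_host: str = SITE_HOST,
                           allowed_hosts: FrozenSet[str] = ALLOWED_REFERRER_HOSTS) -> bool:
    """Source-origin check for a state-changing request.

    * Prefer Origin: browsers send it on cross-origin POSTs and do not strip it
      the way they strip Referer.
    * Fall back to Referer, parsed as a URL; compare the host exactly.
    * Neither header present: reject. Browsers omit Referer after a meta
      refresh and on HTTPS->HTTP navigations, so "missing" does not prove the
      request came from our own pages (it may also be a non-browser client).
    """
    origin = headers.get("Origin")
    if origin is not None:
        # "null" (sandboxed frame, data: URL, some redirects) has no host -> rejected
        host = _host_of(origin)
    else:
        referer = headers.get("Referer")
        if referer is None:
            return False
        host = _host_of(referer)
    if host is None:
        return False
    return host == site_host.lower() or host in allowed_hosts


# Constructed sample requests (not captured traffic) for the demo below.
SAMPLE_REQUESTS = {
    "legitimate": {"Referer": "http://demoauthor45.magnolia-cms.com/.magnolia/trees/website.html?mgnlCK=1404726339576"},
    "subdomain trick": {"Referer": "http://demoauthor45.magnolia-cms.com.attacker.com/csrf.html"},
    "userinfo trick": {"Referer": "http://demoauthor45.magnolia-cms.com@attacker.com/csrf.html"},
    "origin wins": {"Origin": "https://attacker.com", "Referer": "http://demoauthor45.magnolia-cms.com/"},
    "meta refresh (no Referer)": {},
    "allowlisted integration": {"Referer": "https://integration.example.com/hook"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_REQUESTS.items():
        print(f"{name:28} broken={broken_referer_check(hdrs)!s:5} "
              f"hardened={hardened_referer_check(hdrs)}")
```

Running the script prints one line per sample: the substring check accepts the subdomain and userinfo tricks and the request whose Origin is attacker.com, while the hardened check rejects all three, rejects the request with no Referer at all, and accepts only the genuine author-instance URL and the allowlisted integration host. Note that a missing-header policy this strict breaks HTTPS-to-HTTP flows and non-browser clients, which is the trade-off behind the token question above.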

Notes

"And in addition to that we also have the fact that referring websites can remove the Referer header with tricks like META refresh"


http://en.wikipedia.org/wiki/HTTP_referer

Most web browsers do not send the referer field when they are instructed to redirect using the "Refresh" field. 

If a website is accessed from an HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent. "Clients SHOULD NOT include a Referer[sic] header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol"

FYI: Meta tag referrer

http://smerity.com/articles/2013/where_did_all_the_http_referrers_go.html