[CKAN-Security] /util/redirect and referrer-based CSRF mitigation
Thrawn
shell_layer-github at yahoo.com.au
Sun Nov 16 23:56:53 UTC 2014
Hi, folks.
As mentioned at https://github.com/ckan/ckan/issues/1419, the open redirect on /util/redirect is a concern because it allows attackers to bypass referrer checks. Which aren't a great defence against CSRF in the first place, of course, but they're the simplest to implement without touching the codebase.
Can anyone clarify whether this would restrict attackers to GET requests, or whether it would also allow forgery of referrer on cross-site POSTs?
Thrawn
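As an added illustration of the defensive side of the open redirect discussed above (example code, not CKAN's own implementation and not from the thread): a redirect-target validator that only lets a `/util/redirect`-style endpoint send users to same-site destinations. The host name is a constructed placeholder.

```python
from urllib.parse import urlsplit

# Constructed placeholder; a deployment would use its own public host name.
SITE_HOST = "ckan.example.org"


def is_safe_redirect(target: str, site_host: str = SITE_HOST) -> bool:
    """Return True only if `target` stays on `site_host`.

    Rejects absolute URLs to other hosts, protocol-relative URLs (//host),
    non-http(s) schemes, backslash variants that browsers normalise to '/',
    and control characters that could smuggle a second URL or header.
    """
    if not target:
        return False
    # CR/LF or other control characters have no place in a redirect target.
    if any(ord(ch) < 0x20 or ch.isspace() for ch in target):
        return False
    # Browsers treat '\' like '/', so '/\evil.example' behaves as '//evil.example'.
    normalised = target.replace("\\", "/")
    # Any leading '//' (including '///host', which some browsers collapse)
    # is a protocol-relative URL that would leave the site.
    if normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    # An explicit host must match exactly; 'site@evil.example' or an odd
    # port in netloc fails this comparison, which is the conservative choice.
    if parts.netloc and parts.netloc.lower() != site_host.lower():
        return False
    return True


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return `target` if it is safe to redirect to, otherwise `default`."""
    return target if is_safe_redirect(target) else default
```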