
Episode 28: Surfin' with CSRFs
Critical Thinking - Bug Bounty Podcast
00:00
How to Send a Request With the Null in the Origin With Nowadays Same Site Stuff
Joel: I'm going to research this afterwards anyway, to send a request with the null in the origin with nowadays' SameSite stuff, that's kind of interesting. Perhaps maybe an origin check might be enough nowadays. But if you're not handling the null case, it could still be enough. The other one was the referrer. This is not a secure technique for CSRF, because we have the ability to control the referrer policy, which determines what is set, right? And actually, oh, I didn't even write this down, Joel, but I actually had a cool bug that I found the other day because of this as well.