
Episode 28: Surfin' with CSRFs
Critical Thinking - Bug Bounty Podcast
00:00
Rails and HEAD Requests in Rails
This seems like a strange type of implicit behavior for it to be there, so I wouldn't be surprised if it has other implications. As you can tell in the blog post, this is actually down to how GitHub is implementing it, where it's not really an implicit vulnerability. It's just that the fact of how they're handling whether or not it's a GET request or some other type of request is influencing the behavior of the app.