Hacker News
by
sdevlin
5190 days ago
The referer header can easily be forged. The whole point of a CSRF attack is to turn a user's credentials against him.
1 comments
eurleif
5190 days ago
How do you forge the referer header as a third-party site?
sdevlin
5190 days ago
Ha, I'm wrong. I thought you could set the referer with setRequestHeader on an XHR. Mea maxima culpa.