by osullip
358 days ago
Every website will suffer from this. Fix is easy enough - check the HTTP referer before showing a result.
E.g. in insites.io (or any Liquid scripting site) you can check like this:

{% assign is_internal_search = context.headers.HTTP_REFERER contains context.location.host %}

Just check the search is happening on a site or device you own. That attack vector is then gone (hackers cannot spoof the referer that Google sends via ads.)
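An added example, not part of the comment above and not insites.io code: the same referer check in JavaScript, comparing the parsed Referer host exactly rather than by substring and treating a missing header as not internal. `SITE_HOST`, the function names and the sample headers are constructed for illustration.

```javascript
// Assumption: the host that serves the search page (constructed value).
const SITE_HOST = "shop.example.com";

// Substring test, the JavaScript equivalent of the Liquid `contains` check.
function refererContainsHost(referer, host) {
  return typeof referer === "string" && referer.includes(host);
}

// Exact test: parse the Referer as a URL and compare its host component only.
function refererIsSameHost(referer, host) {
  if (typeof referer !== "string" || referer === "") return false; // header absent
  let url;
  try {
    url = new URL(referer);
  } catch {
    return false; // not an absolute URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  // URL() already lowercases the host; normalise the configured value too.
  return url.host === host.toLowerCase();
}

// Constructed Referer values covering the cases where the two checks differ.
const SAMPLE_REFERERS = [
  "https://shop.example.com/products",        // genuine internal navigation
  "https://shop.example.com.other.test/",     // site host used as a subdomain label
  "https://other.test/?ref=shop.example.com", // site host inside a query string
  "https://www.google.com/",                  // external referrer
  "",                                         // header stripped (e.g. Referrer-Policy: no-referrer)
];

// Returns one row per sample so the two checks can be compared side by side.
function checkSamples() {
  return SAMPLE_REFERERS.map((referer) => ({
    referer,
    substring: refererContainsHost(referer, SITE_HOST),
    exact: refererIsSameHost(referer, SITE_HOST),
  }));
}

for (const row of checkSamples()) {
  console.log(JSON.stringify(row));
}
```

A search request whose Referer fails the exact check can be answered with a page that does not echo the query, which also covers visitors whose browser omits the header.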