by skyraider 4779 days ago
That's incorrect in this context, which is trying to get a victim to use their own browser to submit a request that uses cookies on said browser for authentication (CSRF). Please take a look at the following link:

"Although it is trivial to spoof the referer header on your own browser, it is impossible to do so in a CSRF attack."

(https://owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF...)
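The following is an added example, not part of the comment above or of the linked OWASP page: a server-side check that relies on the property quoted there, comparing the browser-set `Origin`/`Referer` against the site's own origin. The origin `bank.example`, the function names, the plain-dict header interface and the choice to reject requests with neither header are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Assumed site origin for this sketch (constructed value, not from the page).
TRUSTED_ORIGINS = {("https", "bank.example", 443)}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        host = parts.hostname              # excludes any userinfo@ prefix
        port = parts.port or DEFAULT_PORTS.get(scheme)
    except ValueError:                     # e.g. a non-numeric port
        return None
    if not host or port is None:
        return None
    return (scheme, host.lower(), port)


def allow_request(method, headers):
    """Decide whether a cookie-authenticated request passes the header check.

    `headers` is assumed to be a dict keyed by canonical header names.
    """
    if method.upper() in SAFE_METHODS:
        return True                        # only state-changing methods are checked
    # Prefer Origin when the browser sent it, otherwise fall back to Referer.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False                       # header absent or stripped: fail closed
    # Compare the parsed origin exactly. A substring or prefix match would
    # accept hosts such as bank.example.evil.test or URLs that merely carry
    # the trusted name in their path or query string.
    return origin_of(source) in TRUSTED_ORIGINS
```

Rejecting requests that carry neither header can block users whose browser or proxy strips `Referer`, so this check is usually paired with a per-session CSRF token rather than used alone.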