Question: CSRF protection with verifying the origin header and referrer header

Answers 0
Added at 2016-12-18 07:12
Question

I saw some documentation about protecting against CSRF attacks. It says that, to protect against CSRF, if the origin header is present, verify that its value matches the target origin. If the origin header is not present, verify the referrer header. If neither of them is present, it suggests rejecting the request.

However, I don't know what the origin header and the referrer header are, or what the difference between them is. Also, how are they related to CSRF protection?

Here is the link to the documentation: https://www.owasp.org/index.php/CrossSite_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Thanks for your kind attention.
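The check order the question describes (origin header first, then the referrer header, reject when both are missing), sketched as an added example that is not part of the original post or of the linked documentation. The function names, the dict-of-headers interface and the `app.example.com` target origin are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
TARGET_ORIGIN = "https://app.example.com"  # assumed value; set to the site's own origin


def origin_tuple(url):
    """Return (scheme, host, port) for a URL or origin string, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "Origin: null" and non-http(s) schemes
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme])


def check_request_source(headers, target_origin=TARGET_ORIGIN):
    """Origin first, Referer as fallback, reject when both are absent."""
    hdrs = {name.lower(): value for name, value in headers.items()}
    if hdrs.get("origin"):
        used, source = "Origin", origin_tuple(hdrs["origin"])
    elif hdrs.get("referer"):  # the HTTP header name is spelled "Referer"
        used, source = "Referer", origin_tuple(hdrs["referer"])
    else:
        return (False, "neither Origin nor Referer present")
    if source is None:
        return (False, f"{used} is not a usable http(s) origin")
    # Compare parsed scheme/host/port, never a string prefix: a prefix test
    # would accept "https://app.example.com.other.example".
    if source != origin_tuple(target_origin):
        return (False, f"{used} does not match target origin")
    return (True, f"{used} matches target origin")


if __name__ == "__main__":
    constructed_requests = [  # constructed sample headers, not captured traffic
        {"Origin": "https://app.example.com"},
        {"Referer": "https://app.example.com:443/account/settings"},
        {"Origin": "https://app.example.com.other.example"},
        {"Origin": "null"},
        {},
    ]
    for request_headers in constructed_requests:
        print(request_headers, "->", check_request_source(request_headers))
```

A state-changing request would be rejected whenever the first element of the returned tuple is `False`.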
