[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
Anne van Kesteren
annevk at opera.com
Mon Sep 29 13:40:54 PDT 2008
On Mon, 29 Sep 2008 16:06:09 -0400, Adam Barth <whatwg at adambarth.com>
wrote:
> The current proposal is to send the Origin header for non-GET,
> non-HEAD requests. The main reason not to send the header all the
> time is that it raises similar privacy concerns as the Referer header,
> which have caused the Referer header to be suppressed a non-trivial
> fraction of the time.
>
> Sending the Origin header more often is better for security, but it is
> a gamble. If we decide to send it too often, users/network operators
> will just suppress the header and we won't have improved the
> situation. Sending the header for <form> POSTs seems like a clean
> design point because sites don't POST to untrusted sites nearly as
> often as they hyperlink to them.
Hmm, we went through this before, I believe. I thought the issue with
Referer was that it exposed path information, but I guess the problem with
Origin is that it reveals the intranet server name? On the other hand, for
the not-link-following case, how common is it for intranet applications to
load images and resources cross-site?
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
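A server-side check that follows the proposal quoted above: Origin is expected only on non-GET, non-HEAD requests, and it may be absent when a client or proxy suppresses it, so the check falls back to the Referer's origin and refuses when neither is usable. This is an added illustration, not code from the thread or from any WHATWG draft; the allowed origin and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Constructed: the origin(s) this site serves its own pages from.
ALLOWED_ORIGINS = {"https://app.example"}


def is_state_changing(method):
    # The proposal sends Origin only for non-GET, non-HEAD requests,
    # so only those are checked here.
    return method.upper() not in ("GET", "HEAD")


def origin_from_url(url):
    """Reduce a URL (e.g. a Referer value) to scheme://host[:port], or None."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    default_port = {"https": 443, "http": 80}.get(parts.scheme)
    host = parts.hostname
    if parts.port and parts.port != default_port:
        host = f"{host}:{parts.port}"
    return f"{parts.scheme}://{host}"


def check_origin(method, headers, allowed=ALLOWED_ORIGINS):
    """Return (accepted, reason) for one request's method and headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if not is_state_changing(method):
        return True, "safe method; Origin not expected"
    origin = h.get("origin")
    if origin is None:
        # Absent: the client did not send it, or it was suppressed the way
        # Referer often is. Fall back to the Referer's origin, which only
        # exposes the referring site, not its path.
        origin = origin_from_url(h.get("referer", ""))
        if origin is None:
            return False, "no Origin or usable Referer on a state-changing request"
    if origin.lower() == "null":
        return False, "opaque (null) origin"
    if origin.rstrip("/") in allowed:
        return True, "origin allowed"
    return False, "cross-site origin"


if __name__ == "__main__":
    # Constructed sample requests.
    print(check_origin("POST", {"Origin": "https://app.example"}))
    print(check_origin("POST", {"Origin": "https://other.example"}))
    print(check_origin("POST", {"Referer": "https://app.example/settings?x=1"}))
```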