
I have this issue where authentic post requests from other sites to the web api get changed to seem as though they were coming from this specific url.

Each time a POST request is made to the API, I get the referrer from the request, use it in the workings of the system, and also save it to the database. However, just a day ago (to the day of this post), my attention was called to the fact that for every request, even one from another site URL (i.e. the referrer), the referrer gets replaced by this one URL, as seen in the database.

Is this some sort of cross-site request forgery attack or what is this and what's the solution?

Thanks.

Oswald Umeh
  • Just like any data from the _client_ (i.e. browser), it can be [spoofed/modified](http://stackoverflow.com/q/3104647/304683). – EdSF May 10 '14 at 16:15
  • EdSF, Thanks for your response but that doesn't seem to help my case. I need answers to really understand this and a solution to fix it. – Oswald Umeh May 12 '14 at 06:22
  • Understood - I think the link helps you determine whether you (still) want to use such for your needs given its (trivial) fallibility. If you're relying on it for any type of security measure - _don't_. So IMHO, and depending entirely on what you're using it for, don't "fix", rather, _change_. – EdSF May 12 '14 at 15:37

0 Answers