Validating the Referer in Laravel

Date: 2018-03-15 18:28:28

Tags: php laravel

My organization is testing my Laravel application with IBM AppScan, and it raised the issue below. I'm not sure what the best way to validate the referer is. Scan details:

The following changes were applied to the original request:
- Set header to 'http://bogus.referer.ibm.com'
Reasoning:
The test result seems to indicate a vulnerability because the Test
Response is identical to the Original Response, indicating that the 
Cross-Site Request Forgery attempt was successful, even
though it included a fictive 'Referer' header.  

Request/Response:
GET /data/1?page=3 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Win32)
Referer: http://bogus.referer.ibm.com
Host: xxxx.xxx.xxx.xxx
Accept: text/html,application/

1 answer:

Answer 0 (score: 1)

Laravel relies on the CSRF token to protect the application from CSRF. Validating the header would only add extra security, but it can be forged.
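The answer above is correct: the synchronizer token that Laravel's `VerifyCsrfToken` middleware checks is the control that stops CSRF, and a Referer check is at most a second layer. Two further points are worth noting against the scan output. First, the request AppScan flagged is a `GET`; Laravel's `VerifyCsrfToken` deliberately skips `GET`, `HEAD` and `OPTIONS`, so an identical response to a `GET` with a bogus Referer is expected for a read-only route and is only a problem if that `GET` changes state. Second, if a header check is wanted as defence in depth, the `Origin` header is the better anchor, since scripts cannot set it and browsers attach it to cross-site `POST`s, with `Referer` as the fallback for clients that omit `Origin`. The middleware below is an added example written for this page, not code from the question, the answer or the Laravel project; the class name `VerifyRequestOrigin` and the fail-closed choice for requests that carry neither header are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

/**
 * VerifyRequestOrigin: hypothetical defence-in-depth middleware (not part of
 * Laravel). It checks that the Origin header, or failing that the Referer
 * header, of every state-changing request names this application's own host.
 * It is meant to run alongside VerifyCsrfToken, never instead of it.
 */
class VerifyRequestOrigin
{
    /**
     * Safe methods are skipped, the same way VerifyCsrfToken skips them:
     * a GET must not change state, so a forged Referer on a GET proves nothing.
     */
    private const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

    public function handle(Request $request, Closure $next)
    {
        if (in_array($request->method(), self::SAFE_METHODS, true)) {
            return $next($request);
        }

        // Browsers send Origin on cross-site POSTs and page scripts cannot alter
        // it; Referer is the fallback because a referrer policy may strip it.
        $source = $request->headers->get('Origin') ?? $request->headers->get('Referer');

        // Assumption: fail closed. A browser form post always carries at least
        // one of the two headers; an absent header means a non-browser client
        // or a privacy proxy, and the CSRF token remains the decisive control.
        if ($source === null) {
            abort(403, 'Missing Origin and Referer headers.');
        }

        // "Origin: null" (sandboxed iframes, some redirect chains) has no host
        // component and is rejected here like any other non-matching value.
        $sourceHost = parse_url($source, PHP_URL_HOST);
        if (!is_string($sourceHost)
            || strcasecmp($sourceHost, $request->getHost()) !== 0) {
            abort(403, 'Request origin does not match this application.');
        }

        return $next($request);
    }
}
```

Register it in `app/Http/Kernel.php` inside the `web` middleware group, after `\App\Http\Middleware\VerifyCsrfToken::class`, so the token check still runs first. Comparing against `$request->getHost()` trusts the incoming `Host` header as filtered by Laravel's trusted-proxy settings; comparing against the host of `config('app.url')` instead is stricter if the application is only ever served from one hostname.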