Anti-CSRF fix in img tag useless? May 07, 2016, 04:13:13 pm Good point:http://www.simplemachines.org/community/index.php?topic=545700.0Quote from: qcHowever, it has always been and is still possible to include images with such an "action"-URL by simply pointing to an HTTP-redirect, e.g. [img]http://bit.ly/blabla[/img] with http://bit.ly/blabla redirecting to /index.php?action=DANGEROUSIn summary: this fix never worked, and should therefore be removed. The underlying problem that this fix was addressing should be fixed directly by e.g. introducing CSRF protection tokens where they are still missing (e.g. search).
Re: Anti-CSRF fix in img tag useless? Reply #1 – May 08, 2016, 04:32:43 am I thought the referer [sic] header was checked for that purpose?
Re: Anti-CSRF fix in img tag useless? Reply #2 – May 08, 2016, 04:42:32 am The idea is exactly that one (not only the referer but the section id as well), the reason I posted that one is because I'd like to be sure there isn't any place left that doesn't use checkSession.