Browsers strictly enforce referer restrictions to make sure that data from untrusted locations cannot act as an origin. Therefore, if an attacker can trick a user into loading a website with a malicious referer header, then the attacker can trick the user into sending data to the origin.
Range requests can be dangerous because they allow the user to send data without receiving data back. Once a website sends data to an attacker using a Range request, the attacker can then use that data for any purpose they would like. This could result in serious security concerns.
Range Requests in HTTP
To make sure that data from untrusted locations cannot act as an origin, browsers strictly enforce referer restrictions. If a website allows Range requests, it will accept data from maliciously crafted referers and therefore be vulnerable to this attack. In order for Range requests to work, the client must send a Content-Length header or else the server will return an error code.
Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/03/2023 20:55:00 UTC