PortSwigger / param-miner

https://portswigger.net/blog/practical-web-cache-poisoning

Add Fetch Metadata and User-Agent Client Hints to the list of headers #71

Closed jub0bs closed 2 years ago

jub0bs commented 2 years ago

Fetch Metadata request headers are interesting candidate headers for Web cache poisoning. Section 5.1 of the Fetch Metadata Request Headers W3C Working Draft states:

If a given endpoint’s response depends upon the values the client delivers in a Fetch metadata header, developers should be careful to include an appropriate Vary header [RFC7231], in order to ensure that caches handle the response appropriately. For example, Vary: Accept-Encoding, Sec-Fetch-Site.

So are User-Agent Client Hints. Section 3.2 of RFC 8942 states:

When selecting a response based on one or more Client Hints, and if the resource is cacheable, the server needs to generate a Vary response header field [RFC7234] to indicate which hints can affect the selected response and whether the selected response is appropriate for a later request.

See also https://twitter.com/jub0bs/status/1466728891758882816

albinowax commented 2 years ago

Thanks!
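
The Vary guidance quoted in the first comment can be turned into a defensive audit. The sketch below is an added example, not part of the thread and not param-miner code: it flags request headers that change a cacheable response without being declared in Vary. The function names, the cacheability heuristic and the sample responses are assumptions made for illustration.

```python
# Added example (not param-miner code): flag cacheable responses that change
# with a Fetch Metadata or Client Hint request header not listed in Vary.

def header_values(headers, name):
    """Join all values of a header, matching the name case-insensitively."""
    return ",".join(v for k, v in headers.items() if k.lower() == name.lower())

def vary_fields(headers):
    """Lowercase field names listed in Vary ('*' is kept as-is)."""
    return {f.strip().lower() for f in header_values(headers, "Vary").split(",") if f.strip()}

def is_shared_cacheable(headers):
    """Heuristic (assumption): storable by a shared cache unless no-store/private."""
    cc = header_values(headers, "Cache-Control").lower()
    directives = {d.strip().split("=")[0] for d in cc.split(",") if d.strip()}
    return not directives & {"no-store", "private"}

def covered(headers, name):
    """True if Vary on this response is '*' or names the request header."""
    fields = vary_fields(headers)
    return "*" in fields or name.lower() in fields

def missing_vary(baseline, probes):
    """baseline: (response_headers, body) for a request without the header.
    probes: {request_header_name: (response_headers, body)}, where each probe
    request differed from the baseline only in that one header.
    Returns the header names that changed the body but are not declared in Vary."""
    base_headers, base_body = baseline
    findings = []
    for name, (headers, body) in probes.items():
        if body == base_body:
            continue  # this header did not select a different response
        if not (is_shared_cacheable(headers) or is_shared_cacheable(base_headers)):
            continue  # neither variant can be stored by a shared cache
        if not (covered(headers, name) and covered(base_headers, name)):
            findings.append(name)
    return sorted(findings)

# Constructed sample responses for one URL (not captured from a real site).
VARY = "Accept-Encoding, Sec-CH-UA-Mobile"
CC = "public, max-age=600"
SAMPLE_BASELINE = ({"Cache-Control": CC, "Vary": VARY}, b"desktop page")
SAMPLE_PROBES = {
    "Sec-Fetch-Site": ({"Cache-Control": CC, "Vary": VARY}, b"cross-site notice"),
    "Sec-CH-UA-Mobile": ({"Cache-Control": CC, "Vary": VARY}, b"mobile page"),
    "Sec-Fetch-Dest": ({"Cache-Control": CC, "Vary": VARY}, b"desktop page"),
}

if __name__ == "__main__":
    print(missing_vary(SAMPLE_BASELINE, SAMPLE_PROBES))
```

A header reported here needs either an entry in the response's Vary field or a cache policy that keeps the response out of shared caches.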