Check host header instead of origin which might not be present WebGoa…

…t#475
jzheaux · Jun 13, 2018 · 3b9b695 · 3b9b695
1 parent 1d2575a
commit 3b9b695
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/plugin/CSRFFeedback.java b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/plugin/CSRFFeedback.java
@@ -64,11 +64,11 @@ public AttackResult flag(@RequestParam("confirmFlagVal") String flag) {
 
     private boolean hostOrRefererDifferentHost(HttpServletRequest request) {
         String referer = request.getHeader("referer");
-        String origin = request.getHeader("origin");
+        String host = request.getHeader("host");
         if (referer != null) {
-            return !referer.contains(origin);
+            return !referer.contains(host);
         } else {
-            return true; //this case referer is null or origin does not matter we cannot compare so we return true which should of course be false
+            return true;
         }
     }
 

diff --git a/webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/plugin/CSRFFeedbackTest.java b/webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/plugin/CSRFFeedbackTest.java
@@ -46,7 +46,7 @@ public void csrfAttack() throws Exception {
         mockMvc.perform(post("/csrf/feedback/message")
                 .contentType(MediaType.TEXT_PLAIN)
                 .cookie(new Cookie("JSESSIONID", "test"))
-                .header("origin", "localhost:8080")
+                .header("host", "localhost:8080")
                 .header("referer", "webgoat.org")
                 .content("{\"name\": \"Test\", \"email\": \"[email protected]\", \"subject\": \"service\", \"message\":\"dsaffd\"}"))
                 .andExpect(jsonPath("lessonCompleted", is(true)))