]> git.kaiwu.me - haproxy.git/commit
BUG/MEDIUM: stats: Ensure that Origin is valid on POSTs
authorOlivier Houchard <ohouchard@haproxy.com>
Wed, 15 Jul 2026 14:02:37 +0000 (16:02 +0200)
committerOlivier Houchard <cognet@ci0.org>
Wed, 15 Jul 2026 14:46:14 +0000 (16:46 +0200)
commit3e7bfdba047af1397517dc2bc836bb193d63b495
treeae60fb60e25e451f5e960f4473783cafdb0c604e
parent5468ef0d755a75ac97f0b62f2e58841dc37906c5
BUG/MEDIUM: stats: Ensure that Origin is valid on POSTs

When receiving a POST on the stats interface, make sure that Origin (or
Referer if no Origin is found) matches the Host, to attempt to mitigate
a CSRF attack.

This should be backported up to 2.6.

Many thanks to Red Hat and AISLE Research for reporting this.
src/http_ana.c