Questions about the security of Baserow

I use a tool to intercept the request sent by Baserow to the backend, and then modify the “Referer”, “WebSocketId”, and “Origin” in the request header, but the request still responds. Are there any security issues? For example, JSON Hijacking.

I’m not sure how this could result in a security problem. Would you mind elaborating more about which potential security problems you’re worried about? JSON Hijacking seems more like a browser bug.

  • The WebSocketId is something we use to exclude the sender from receiving real-time updates events.
  • Because Baserow is API first, and we want external browsers, clients, etc. to be able to make HTTP requests, we don’t check if the referrer or origin header matches the domain of the web-frontend. If we did that, it would limit the API.
1 Like
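As an added example (not Baserow’s own code), a small Python model of the two points in the reply above: the WebSocketId only decides which already-subscribed socket is skipped when an event fans out, and access is enforced on the authenticated user, not on headers like Origin or Referer that any client can rewrite. All names (Connection, authorize, dispatch, update_row) and the sample data are constructed for illustration.

```python
# Added example, not Baserow's code: a minimal model of the behaviour described
# in the thread, to show what the WebSocketId header does and does not control.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Connection:
    ws_id: str                                # echoed by the client as WebSocketId
    user: str
    tables: Set[str] = field(default_factory=set)  # tables this socket subscribed to


# Constructed sample: two users, three open web sockets.
CONNECTIONS: Dict[str, Connection] = {
    "ws-alice-1": Connection("ws-alice-1", "alice", {"t1", "t2"}),
    "ws-alice-2": Connection("ws-alice-2", "alice", {"t1"}),
    "ws-bob-1":   Connection("ws-bob-1", "bob", {"t2"}),
}

# Constructed access list: which authenticated user may touch which table.
# This is the real access-control boundary; Origin, Referer and WebSocketId are not.
ACL: Dict[str, Set[str]] = {"alice": {"t1", "t2"}, "bob": {"t2"}}


def authorize(user: str, table: str) -> bool:
    """Per-request check bound to the authenticated user (e.g. the API token),
    never to client-controlled headers such as Origin or Referer."""
    return table in ACL.get(user, set())


def dispatch(table: str, sender_ws_id: Optional[str]) -> List[str]:
    """Sockets that receive a real-time event for `table`.
    The sender's socket is skipped only so the client does not re-apply an
    update it already has locally. A forged or missing id changes which socket
    is skipped; it never adds a recipient that was not subscribed."""
    return sorted(ws for ws, c in CONNECTIONS.items()
                  if table in c.tables and ws != sender_ws_id)


def update_row(user: str, table: str, sender_ws_id: Optional[str]) -> Optional[List[str]]:
    """Simulated HTTP write: authorize on the user first, then fan out."""
    if not authorize(user, table):
        return None  # 403: tampering with request headers cannot bypass this
    return dispatch(table, sender_ws_id)
```

Running `update_row("alice", "t1", None)` against the sample shows the only effect of dropping or altering the header: the sender's own socket gets the echo it would otherwise have been spared.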

My server has been attacked recently, so I want to check the security of the Baserow instance on the server. I see the WebSocketId in the request header and want to test its function.
I intercept the request and modify the parameters in the request header. I can still access the data normally, so I’m worried about the risk of data leakage when attacked.

I know little about the implementation of the Baserow function, so I may have some strange questions. Thank you for your patience.

Please don’t call it doubts about the security in that case, but rather questions about the security or questions about the headers next time. More information about the WebSocketId can be found here: https://baserow.io/docs/apis%2Fweb-socket-api. It’s simply used to exclude the sender from receiving unnecessary web socket events.

Ok, your suggestion is very correct, thanks!

1 Like