PerlMonks
Re^2: Is your web application really secure? ("CSRF")
by betterworld (Curate) on Mar 27, 2007 at 19:31 UTC ( [id://606853]=note )
I've thought for a while now that browsers probably shouldn't allow POST requests for another domain (especially scripted ones). Unfortunately that would break lots and lots of web applications. A good start would be to warn the user that the form is sent to an external site, and not to send cookies.