http://www.perlmonks.org?node_id=606853


in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

I've thought for a while now that browsers probably shouldn't allow POST requests for another domain (especially scripted ones). Unfortunately, that would break lots and lots of web applications.
A good start would be to warn the user that the form is sent to an external site, and not to send cookies.