in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")
I've thought for a while now that browsers probably shouldn't allow POST requests for another domain (especially scripted ones). Unfortunately that would break lots and lots of web applications.

A good start would be to warn the user that the form is sent to an external site, and not to send cookies.
In Section
Meditations