http://qs1969.pair.com?node_id=607313


in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

As far as I know a malicious site can't fake a referer header* (unless maybe if you allow cross-site XMLHTTP - but all modern browsers prohibit that - right?)

Never trust the browser

--MidLifeXis

Re^3: Is your web application really secure? ("CSRF")
by Joost (Canon) on Mar 29, 2007 at 19:25 UTC