Re^2: Is your web application really secure? ("CSRF")


Your skill will accomplish what the force of many cannot
	PerlMonks

Re^2: Is your web application really secure? ("CSRF")

by betterworld (Curate)

on Mar 27, 2007 at 19:31 UTC ( [id://606853]=note: print w/replies, xml )

Need Help??

in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

I've thought for a while now that browsers probably shouldn't allow POST requests for another domain (especially scripted ones). Unfortunately that would break lots and lots of web applications

A good start would be to warn the user that the form is sent to an external site, and not to send cookies.

Comment on Re^2: Is your web application really secure? ("CSRF")

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://606853]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others surveying the Monastery: (4)

As of 2024-04-18 00:08 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found