
Re: XHR and sandboxed iframes (was: Re: XHR without user credentials)

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 17 Jun 2009 17:32:26 -0700
Message-ID: <7789133a0906171732i3aa0f83en6695c9098ae2767d@mail.gmail.com>
To: "Mark S. Miller" <erights@google.com>
Cc: Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, Tyler Close <tyler.close@gmail.com>, public-webapps <public-webapps@w3.org>

On Wed, Jun 17, 2009 at 5:16 PM, Mark S. Miller<erights@google.com> wrote:
> On Wed, Jun 17, 2009 at 5:09 PM, Adam Barth <w3c@adambarth.com> wrote:
>> On Wed, Jun 17, 2009 at 5:02 PM, Mark S. Miller<erights@google.com> wrote:
>> > Not in this way. At least not according to Roy Fielding (Mr. REST)
>> > <http://lists.w3.org/Archives/Public/ietf-http-wg/2009JanMar/0037.html>.
>>
>> That email also claims that "CSRF is not a security issue for the
>> Web," so I guess we need not worry about these issues.  :)
>
> C'mon Adam, I was citing that regarding what "the point of a browser" is.

I know, but you do appreciate the irony in citing that email in a
discussion of how to mitigate CSRF.

Adam
Received on Thursday, 18 June 2009 00:33:17 GMT
