W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2008

[whatwg] CSRFs and Origin header and <form>s

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 2 Dec 2008 11:27:52 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0812021126510.17414@hixie.dreamhostps.com>

I've added the Origin header to all non-GET browsing context navigation 
and to ping="" processing.

http://html5.org/tools/web-apps-tracker?from=2524&to=2525

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 2 December 2008 03:27:52 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:46 UTC