[whatwg] CSRFs and Origin header and <form>s from Ian Hickson on 2008-12-02 (public-whatwg-archive@w3.org from December 2008)

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 2 Dec 2008 11:27:52 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0812021126510.17414@hixie.dreamhostps.com>

I've added the Origin header to all non-GET browsing context navigation 
and to ping="" processing.

http://html5.org/tools/web-apps-tracker?from=2524&to=2525

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 2 December 2008 03:27:52 UTC