- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 10 Dec 2010 09:23:57 +0100
On 10.12.2010 01:46, Tab Atkins Jr. wrote: > ... > Indeed. You shouldn't be able to trigger POSTs from involuntary > actions. They should always require some sort of user input, because > there is simply *far* too much naive code out there that is vulnerable > to CSRF. > ... Thanks, Tab. It's sad that the discussion even got that far. If the URI length is a problem because of browsers, fix the browsers to extend the limits, instead of adding a completely new feature. Best regards, Julian
Received on Friday, 10 December 2010 00:23:57 UTC