30 Sep 2008, 4:36 p.m.
On Tue, Sep 30, 2008 at 12:56:05PM +0000, corvid wrote:
So my latest little experiment: out of the image urls your browser sees that have queries (the '?a=b&c=d&e=f'), how many are
There's nothing wrong with that. Such an image URL is a simple GET request. Any web application doing a modification is broken by design and there are good reasons for allowing such URLs. The problem is allowing POST actions to a different site than the one issuing it. If you want to prevent CSRF, consider adding a warning for that (e.g. form action and current URL are not under the same second level domain).

Joerg
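The heuristic Joerg suggests, written out as an added example (not code from the mailing list or from any browser): collect the forms on a page, resolve each action against the page URL, and flag only POST forms whose target falls outside the page's second-level domain. The sample page and URLs are constructed, and the naive two-label "second level domain" is the assumption the heuristic rests on.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def second_level_domain(host):
    """Naive 'second level domain': the last two labels of the host.
    Caveat: this treats example.co.uk and other.co.uk as one site, so a
    real check needs a public-suffix list instead of label counting."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class FormCollector(HTMLParser):
    """Collects (method, action) pairs from every <form> start tag."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            self.forms.append((a.get("method") or "get", a.get("action") or ""))


def cross_site_post_forms(page_url, html):
    """Return absolute action URLs of POST forms whose target is not under
    the page's second-level domain. GET forms and image URLs with query
    strings are deliberately not flagged, matching the reasoning above."""
    parser = FormCollector()
    parser.feed(html)
    page_sld = second_level_domain(urlsplit(page_url).hostname or "")
    flagged = []
    for method, action in parser.forms:
        if method.lower() != "post":
            continue
        target = urljoin(page_url, action)  # relative actions stay same-site
        host = urlsplit(target).hostname or ""
        if second_level_domain(host) != page_sld:
            flagged.append(target)
    return flagged


# Constructed sample: a same-site POST form, a cross-site POST form,
# a cross-site GET form and a tracking image with a query string.
SAMPLE_URL = "http://www.example.com/forum/post.html"
SAMPLE_HTML = """
<form method="post" action="/forum/reply"><input name="text"></form>
<form method="POST" action="http://evil.example.net/transfer"><input name="amt"></form>
<form method="get" action="http://search.example.net/q"><input name="q"></form>
<img src="http://stats.example.org/pixel.gif?a=b&c=d">
"""

if __name__ == "__main__":
    for url in cross_site_post_forms(SAMPLE_URL, SAMPLE_HTML):
        print("warning: POST form submits to another site:", url)
```

Only the form posting to evil.example.net is reported; the relative form, the GET form and the image are left alone.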